Re: Finding Servers Using OpenSSL SSL/TLS

[Tim Doty <tdoty () MST EDU>]

ubuntu is a good example:

$ openssl version
OpenSSL 1.0.1 14 Mar 2012

Yet it has been patched (and tested to ensure that is no longer vulnerable).

For that matter: make sure that you test patched systems. The patch was 
pushed out early Monday to all managed servers, but for some reason did 
not take on two of them.

Tim Doty

On 04/11/2014 12:58 PM, Ken Connelly wrote:
> Please note that some distros backport patches, so the version string
> may not be meaningful.
>
> - ken
>
> On 4/11/14, 12:15 PM, Peter Setlak wrote:
> > Along with watching for SSL traffic, we've been checking systems that
> > may have OpenSSL installed and running:
> >
> > ./openssl version
> >
> > Hoping they come back 0.98 (or at least not 1.0.1[-f]).
> >
> >
> > On Fri, Apr 11, 2014 at 1:11 PM, Joel L. Rosenblatt <joel () columbia edu
> > <mailto:joel () columbia edu>> wrote:
> >
> >      We have been running a ssltest python script (from
> >      https://gist.github.com/jpicht/10114168) and verifying the results
> >      with the http://filippo.io/Heartbleed web site
> >
> >      We have repaired all but 1 or 2 at this point - the process will keep
> >      on running to catch new ones that will pop up
> >
> >      Thanks,
> >      Joel
> >
> >
> >      Joel Rosenblatt, Director Network & Computer Security
> >      Columbia Information Security Office (CISO)
> >      Columbia University, 612 W 115th Street, NY, NY 10025 /212 854
> >      3033 <tel:%20212%20854%203033>
> >      http://www.columbia.edu/~joel <http://www.columbia.edu/%7Ejoel>
> >      Public PGP key
> >      http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> >
> >
> >      On Fri, Apr 11, 2014 at 12:52 PM, Steven Carmody
> >      <steven_carmody () brown edu <mailto:steven_carmody () brown edu>> wrote:
> >      > On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote:
> >      >>
> >      >> We keep a constantly updating list of any IP address that accepts
> >      >> connections on port 443 using netflow information, we test them for
> >      >> the Heartbleed bug and inform the machine owner if they have a
> >      problem
> >      >>
> >      >
> >      > Can you provide any more detailing info about how you test
> >      machines for the
> >      > Heartbleed vulnerability ? Are you looking at the headers that
> >      returned, or
> >      > doing something else ?
> >      >
> >
> >
> >
> >
> > --
> > Thank you,
> >
> > Peter J. Setlak
> > Network Security Analyst, GSEC, GLEG, GCPM
> > Colgate University
> > ---
> > psetlak () colgate edu <mailto:psetlak () colgate edu>
> > (315) 228-7151
> > Case-Geyer 450
> >
> > Colgate IT Security - http://colgate.edu/itsecurity
> >
> > Think *Green!* Please consider the environment before printing this
> > email.
> >
> > *Engage with Colgate University:
> > *
> > News blog <http://blogs.colgate.edu/>, Twitter
> > <https://twitter.com/#%21/colgateuniv>, Facebook
> > <https://www.facebook.com/colgateuniversity>, Google+
> > <https://plus.google.com/u/0/b/113333907606560373469/>, Delicious
> > <http://www.delicious.com/colgatenewsmakers>, YouTube
> > <http://www.youtube.com/cuatchannel13>, Flickr
> > <http://www.flickr.com/photos/colgateuniversity/>, Pinterest
> > <http://pinterest.com/colgateuniv/>, LinkedIn
> > <http://www.linkedin.com/company/colgate-university/>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature