Re: Finding Servers Using OpenSSL SSL/TLS

[Peter Setlak <psetlak () COLGATE EDU>]

We saw the same thing when we patched a server - after the (successful)
patch, it came back with 1.0.1e.


On Fri, Apr 11, 2014 at 2:05 PM, Tim Doty <tdoty () mst edu> wrote:

> ubuntu is a good example:
>
> $ openssl version
> OpenSSL 1.0.1 14 Mar 2012
>
> Yet it has been patched (and tested to ensure that is no longer
> vulnerable).
>
> For that matter: make sure that you test patched systems. The patch was
> pushed out early Monday to all managed servers, but for some reason did not
> take on two of them.
>
> Tim Doty
>
>
> On 04/11/2014 12:58 PM, Ken Connelly wrote:
>
> > Please note that some distros backport patches, so the version string
> > may not be meaningful.
> >
> > - ken
> >
> > On 4/11/14, 12:15 PM, Peter Setlak wrote:
> >
> > > Along with watching for SSL traffic, we've been checking systems that
> > > may have OpenSSL installed and running:
> > >
> > > ./openssl version
> > >
> > > Hoping they come back 0.98 (or at least not 1.0.1[-f]).
> > >
> > >
> > > On Fri, Apr 11, 2014 at 1:11 PM, Joel L. Rosenblatt <joel () columbia edu
> > > <mailto:joel () columbia edu>> wrote:
> > >
> > >      We have been running a ssltest python script (from
> > >      https://gist.github.com/jpicht/10114168) and verifying the results
> > >      with the http://filippo.io/Heartbleed web site
> > >
> > >      We have repaired all but 1 or 2 at this point - the process will
> > > keep
> > >      on running to catch new ones that will pop up
> > >
> > >      Thanks,
> > >      Joel
> > >
> > >
> > >      Joel Rosenblatt, Director Network & Computer Security
> > >      Columbia Information Security Office (CISO)
> > >      Columbia University, 612 W 115th Street, NY, NY 10025 /212 854
> > >      3033 <tel:%20212%20854%203033>
> > >      http://www.columbia.edu/~joel <http://www.columbia.edu/%7Ejoel>
> > >      Public PGP key
> > >      http://pgp.mit.edu:11371/pks/lookup?op=get&search=
> > > 0x90BD740BCC7326C3
> > >
> > >
> > >      On Fri, Apr 11, 2014 at 12:52 PM, Steven Carmody
> > >      <steven_carmody () brown edu <mailto:steven_carmody () brown edu>> wrote:
> > >      > On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote:
> > >      >>
> > >      >> We keep a constantly updating list of any IP address that accepts
> > >      >> connections on port 443 using netflow information, we test them
> > > for
> > >      >> the Heartbleed bug and inform the machine owner if they have a
> > >      problem
> > >      >>
> > >      >
> > >      > Can you provide any more detailing info about how you test
> > >      machines for the
> > >      > Heartbleed vulnerability ? Are you looking at the headers that
> > >      returned, or
> > >      > doing something else ?
> > >      >
> > >
> > >
> > >
> > >
> > > --
> > > Thank you,
> > >
> > > Peter J. Setlak
> > > Network Security Analyst, GSEC, GLEG, GCPM
> > > Colgate University
> > > ---
> > > psetlak () colgate edu <mailto:psetlak () colgate edu>
> > > (315) 228-7151
> > > Case-Geyer 450
> > >
> > > Colgate IT Security - http://colgate.edu/itsecurity
> > >
> > > Think *Green!* Please consider the environment before printing this
> > > email.
> > >
> > > *Engage with Colgate University:
> > > *
> > > News blog <http://blogs.colgate.edu/>, Twitter
> > > <https://twitter.com/#%21/colgateuniv>, Facebook
> > > <https://www.facebook.com/colgateuniversity>, Google+
> > > <https://plus.google.com/u/0/b/113333907606560373469/>, Delicious
> > > <http://www.delicious.com/colgatenewsmakers>, YouTube
> > > <http://www.youtube.com/cuatchannel13>, Flickr
> > > <http://www.flickr.com/photos/colgateuniversity/>, Pinterest
> > > <http://pinterest.com/colgateuniv/>, LinkedIn
> > > <http://www.linkedin.com/company/colgate-university/>


-- 
Thank you,

Peter J. Setlak
Network Security Analyst, GSEC, GLEG, GCPM
Colgate University
---
psetlak () colgate edu
(315) 228-7151
Case-Geyer 450

Colgate IT Security - http://colgate.edu/itsecurity

Think *Green!* Please consider the environment before printing this email.


*Engage with Colgate University: *
News blog <http://blogs.colgate.edu/>,
Twitter<https://twitter.com/#%21/colgateuniv>
, Facebook <https://www.facebook.com/colgateuniversity>,
Google+<https://plus.google.com/u/0/b/113333907606560373469/>
, Delicious <http://www.delicious.com/colgatenewsmakers>,
YouTube<http://www.youtube.com/cuatchannel13>
, Flickr <http://www.flickr.com/photos/colgateuniversity/>,
Pinterest<http://pinterest.com/colgateuniv/>
, LinkedIn <http://www.linkedin.com/company/colgate-university/>