Educause Security Discussion mailing list archives
Re: Finding Servers Using OpenSSL SSL/TLS
From: Peter Setlak <psetlak () COLGATE EDU>
Date: Fri, 11 Apr 2014 14:14:34 -0400
We saw the same thing when we patched a server - after the (successful) patch, it came back with 1.0.1e. On Fri, Apr 11, 2014 at 2:05 PM, Tim Doty <tdoty () mst edu> wrote:
ubuntu is a good example: $ openssl version OpenSSL 1.0.1 14 Mar 2012 Yet it has been patched (and tested to ensure that is no longer vulnerable). For that matter: make sure that you test patched systems. The patch was pushed out early Monday to all managed servers, but for some reason did not take on two of them. Tim Doty On 04/11/2014 12:58 PM, Ken Connelly wrote:Please note that some distros backport patches, so the version string may not be meaningful. - ken On 4/11/14, 12:15 PM, Peter Setlak wrote:Along with watching for SSL traffic, we've been checking systems that may have OpenSSL installed and running: ./openssl version Hoping they come back 0.98 (or at least not 1.0.1[-f]). On Fri, Apr 11, 2014 at 1:11 PM, Joel L. Rosenblatt <joel () columbia edu <mailto:joel () columbia edu>> wrote: We have been running a ssltest python script (from https://gist.github.com/jpicht/10114168) and verifying the results with the http://filippo.io/Heartbleed web site We have repaired all but 1 or 2 at this point - the process will keep on running to catch new ones that will pop up Thanks, Joel Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 /212 854 3033 <tel:%20212%20854%203033> http://www.columbia.edu/~joel <http://www.columbia.edu/%7Ejoel> Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search= 0x90BD740BCC7326C3 On Fri, Apr 11, 2014 at 12:52 PM, Steven Carmody <steven_carmody () brown edu <mailto:steven_carmody () brown edu>> wrote: > On 4/11/14 12:49 PM, Joel L. Rosenblatt wrote: >> >> We keep a constantly updating list of any IP address that accepts >> connections on port 443 using netflow information, we test them for >> the Heartbleed bug and inform the machine owner if they have a problem >> > > Can you provide any more detailing info about how you test machines for the > Heartbleed vulnerability ? Are you looking at the headers that returned, or > doing something else ? > -- Thank you, Peter J. Setlak Network Security Analyst, GSEC, GLEG, GCPM Colgate University --- psetlak () colgate edu <mailto:psetlak () colgate edu> (315) 228-7151 Case-Geyer 450 Colgate IT Security - http://colgate.edu/itsecurity Think *Green!* Please consider the environment before printing this email. *Engage with Colgate University: * News blog <http://blogs.colgate.edu/>, Twitter <https://twitter.com/#%21/colgateuniv>, Facebook <https://www.facebook.com/colgateuniversity>, Google+ <https://plus.google.com/u/0/b/113333907606560373469/>, Delicious <http://www.delicious.com/colgatenewsmakers>, YouTube <http://www.youtube.com/cuatchannel13>, Flickr <http://www.flickr.com/photos/colgateuniversity/>, Pinterest <http://pinterest.com/colgateuniv/>, LinkedIn <http://www.linkedin.com/company/colgate-university/>
-- Thank you, Peter J. Setlak Network Security Analyst, GSEC, GLEG, GCPM Colgate University --- psetlak () colgate edu (315) 228-7151 Case-Geyer 450 Colgate IT Security - http://colgate.edu/itsecurity Think *Green!* Please consider the environment before printing this email. *Engage with Colgate University: * News blog <http://blogs.colgate.edu/>, Twitter<https://twitter.com/#%21/colgateuniv> , Facebook <https://www.facebook.com/colgateuniversity>, Google+<https://plus.google.com/u/0/b/113333907606560373469/> , Delicious <http://www.delicious.com/colgatenewsmakers>, YouTube<http://www.youtube.com/cuatchannel13> , Flickr <http://www.flickr.com/photos/colgateuniversity/>, Pinterest<http://pinterest.com/colgateuniv/> , LinkedIn <http://www.linkedin.com/company/colgate-university/>
Current thread:
- Re: Finding Servers Using OpenSSL SSL/TLS, (continued)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Mally Mclane (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Cheryl O'Dell (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Steven Carmody (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Joel L. Rosenblatt (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Ken Connelly (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Tim Doty (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Peter Setlak (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Pratt, Benjamin E. (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Scherck, Daniel (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Valdis Kletnieks (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Danny Schales (Apr 11)
- Re: Finding Servers Using OpenSSL SSL/TLS Kevin Wilcox (Apr 11)