Thursday, April 17, 2014

Heartbleed

By now, everyone has heard about the Heartbleed bug (vulnerability CVE-2014-0160). There are a number of articles, postings and blogs about the bug and its implications. I have listed below some of the most useful links and articles relating to this vulnerability and to managing the situation.


Recommended reading:

The Hacker News has a list of FAQs on this vulnerability; it also includes links to PoC code and to sites/services that check whether a server is vulnerable:
http://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html#

Bruce Schneier has a very interesting post on Heartbleed and its implications:
https://www.schneier.com/blog/archives/2014/04/heartbleed.html

Pentura Labs has a very good write-up that includes instructions for testing whether your version of OpenSSL is impacted, even if you are offline:
http://penturalabs.wordpress.com/2014/04/08/yet-another-heartbleed/

The SANS Diary has some very good posts on this evolving situation:
https://isc.sans.edu/diary/The+Other+Side+of+Heartbleed+-+Client+Vulnerabilities/17945
http://digital-forensics.sans.org/blog/2014/04/10/heartbleed-links-simulcast-etc

A large number of servers and devices are impacted; some of the vendor notifications are listed below:
http://www.symantec.com/connect/blogs/detect-heartbleed-vulnerability-remediate-and-harden-your-infrastructure-control-compliance-su
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10623
http://kb.bluecoat.com/index?page=content&id=SA79
https://isc.sans.edu/diary/Heartbleed+vendor+notifications/17929




Even if your main business servers are not impacted, it is possible that a web appliance, phone or networked device on your infrastructure is at risk.

Happy Patching!