Thursday, April 17, 2014


By now, everyone has heard about the Heartbleed bug (vulnerability CVE-2014-0160). There are a number of articles, postings and blogs about the bug and its implications. I have listed below some of the most useful links and articles relating to this vulnerability and to managing the situation.

Recommended reading:

The Hacker News has a list of FAQs on this vulnerability; it also includes links to PoC code and to sites and services that check whether a server is vulnerable.

Bruce Schneier has a very interesting post on Heartbleed and its implications.

Pentura Labs has a very good writeup that includes instructions for testing whether your version of OpenSSL is impacted, even if you are offline.

The SANS Diary has some very good posts on this evolving situation.

A large number of servers and devices are impacted; some of the vendor notifications are listed below.

Even if your main business servers are not impacted, it is possible that a web appliance, phone or networked device on your infrastructure is at risk.

Happy Patching!
