Worried About Heartbleed? Then fix your $h!t - Here's How


So it's been kinda fun watching people freak out about the Heartbleed vulnerability this week.  What I don't find so funny & kinda scary is that this vulnerability has been in the wild since December 2011 and people are learning about this over two years later.


In any case, my social media feeds are being flooded by people asking how to mitigate this vulnerability. This post outlines how to patch some of the most popular affected distributions by running commands in a terminal:


Mac OS X: $ brew upgrade openssl


Red Hat: $ sudo yum update openssl

CentOS: $ sudo yum update openssl

Fedora: $ sudo yum update openssl

Amazon Linux AMI: $ sudo yum update openssl


Debian: $ sudo apt-get update && sudo apt-get upgrade

Ubuntu: $ sudo apt-get update && sudo apt-get upgrade

#! Linux: $ sudo apt-get update && sudo apt-get upgrade



So people, please patch your servers and take other measures as recommended by your distro's security bulletins.
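Upgrading the package replaces the library on disk, but a service that was already running keeps the old copy mapped until it is restarted. As an added example (not from the original post), this script lists such processes on Linux by looking for deleted libssl/libcrypto mappings in /proc; the sample maps lines are constructed, and statically linked binaries are not detected.

```shell
#!/bin/sh
# Added example, Linux only (relies on /proc). Not part of the original post.

# Read /proc/<pid>/maps-format text on stdin and print every libssl/libcrypto
# path that is still mapped although the file was replaced on disk.
stale_ssl_libs() {
    awk '/(libssl|libcrypto)[^ ]*\.so/ && /\(deleted\)$/ { print $6 }' | sort -u
}

# Walk every process and report "pid<TAB>command<TAB>stale libraries".
# Run as root, otherwise other users' maps files are unreadable and skipped.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$(cat "$maps" 2>/dev/null | stale_ssl_libs | tr '\n' ' ')
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$libs"
    done
}

# Constructed sample: a daemon started before the upgrade. The kernel marks
# the replaced library files "(deleted)" while the process keeps them mapped.
STALE_SAMPLE='7f1c2a000000-7f1c2a05a000 r-xp 00000000 08:01 131234 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a259000-7f1c2a260000 rw-p 00059000 08:01 131234 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a400000-7f1c2a5b0000 r-xp 00000000 08:01 131240 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c2b000000-7f1c2b1bc000 r-xp 00000000 08:01 131100 /lib/x86_64-linux-gnu/libc-2.15.so
7f1c2c000000-7f1c2c001000 rw-s 00000000 08:01 150001 /tmp/cache.db (deleted)'

# Constructed sample: the same daemon after a restart, mapping the new files.
FRESH_SAMPLE='7f8d10000000-7f8d1005a000 r-xp 00000000 08:01 140001 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f8d10400000-7f8d105b0000 r-xp 00000000 08:01 140002 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0'

if [ "${1:-}" = "--scan" ]; then
    scan_running        # real scan of this machine
else
    echo "before restart:"; printf '%s\n' "$STALE_SAMPLE" | stale_ssl_libs
    echo "after restart:";  printf '%s\n' "$FRESH_SAMPLE" | stale_ssl_libs
fi
```

Run it with `--scan` as root after the upgrade and restart every service it lists; an empty result means no running process still maps a replaced libssl or libcrypto.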

Also I wanted to mention that I've been seeing a very scary number of posts in my social media feeds from "Cyber/IT Security Professionals" strongly advising people to check their assets for Heartbleed on this site http://filippo.io/Heartbleed/ . Now I'm not saying the site is designed to be malicious, but there is no real way of telling what's going on there. Now let's pretend the site isn't legit and people start using it to test their assets using this tool. You've just become a victim of social engineering and voluntarily added your vulnerable/invulnerable site to someone's list of websites. So now a bad actor/third party has your site in a list that can be used for future exploitation.

I recommend you patch your assets and take appropriate actions recommended by trusted sources rather than use a third party tool that you know nothing about.  Also TRUST NO ONE on the internet!

Just say'n

Thanks

-a
