Heartbleed – yes, indeed I have a few words on it!

I heard about this a few days ago in this article from Ars Technica. I checked with a top-notch security guy I know (thanks Rob) and he confirmed this was a bad one. He also mentioned that it was bad enough to keep him busy for a while, but he was happy about that as it would not only let him make the important fixes but also help customers in other security areas – which he knows they need. So pretty good outlook. But today I heard several times some bad information on this issue. So I am going to share some important info, and then some links, and that will be it.

Do not change your passwords UNTIL the vendors tell you they have updated / fixed their site. If you have already changed them on a site that was not yet fixed, you will need to change them again after the fix.

So in my world that means I have done Dropcam, Dropbox, Fitbit, and Piper. But no one else, since no one else has told me they have fixed their site.

Want to learn more?

Bruce Schneier – https://www.schneier.com/blog/archives/2014/04/heartbleed.html


Well done article – http://www.theverge.com/2014/4/8/5594266/how-heartbleed-broke-the-internet

VMware public sites – http://kb.vmware.com/kb/2076353

VMware products – http://kb.vmware.com/kb/2076225

National Vulnerability Database – https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

You can check a site for this issue using this site – http://filippo.io/Heartbleed/

Update 4/11/14 1049 – added Fitbit to the list of who has informed me, and I changed!


