
<div dir="ltr">Ah, yeah, that's a possibility.<div><br></div><div><a href="https://github.com/titanous/heartbleeder">https://github.com/titanous/heartbleeder</a> has worked well for me, though it lacks STARTTLS support.<br>

</div><div><br></div><div style>There's also this gist: <a href="https://gist.github.com/takeshixx/10107280">https://gist.github.com/takeshixx/10107280</a></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">

On Tue, Apr 8, 2014 at 3:09 PM, Chris Egeland <span dir="ltr"><<a href="mailto:chris@chrisegeland.com" target="_blank">chris@chrisegeland.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<a href="http://rehmann.co/projects/heartbeat/?domain=noisebridge.net&port=443&submit=Submit" target="_blank">http://rehmann.co/projects/<u></u>heartbeat/?domain=noisebridge.<u></u>net&port=443&submit=Submit</a><br>


<br>

It's possible the tool is reporting false positives due to the amount of people using it.  I know the tool located at <a href="http://filippo.io/Heartbleed/" target="_blank">http://filippo.io/Heartbleed/</a> was having some false positives for a while.<span class="HOEnZb"><font color="#888888"><br>


<br>

Chris</font></span><div class="HOEnZb"><div class="h5"><br>

<br>

On 4/8/2014 10:00 AM, Jonathan Lassoff wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Which tool were you using that was reporting a vulnerability?<br>

<br>

<br>

On Tue, Apr 8, 2014 at 2:51 PM, Chris Egeland <<a href="mailto:chris@chrisegeland.com" target="_blank">chris@chrisegeland.com</a>>wrote:<br>

<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

jof,<br>

<br>

Thanks for looking into this.  I tried testing with a couple of tools<br>

online on <a href="http://noisebridge.net" target="_blank">noisebridge.net</a>, some were reporting that they were vulnerable.<br>

  However, if there is no cause for concern, I will simply attribute the<br>

tool to being a false positive.<br>

<br>

Best of luck with this today.<br>

<br>

Chris<br>

<br>

<br>

<br>

On 4/8/2014 9:42 AM, Jonathan Lassoff wrote:<br>

<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

I'm super busy patching this for my commercial work, however a cursory<br>

testing of the HTTPS service for <a href="http://noisebridge.net" target="_blank">noisebridge.net</a> shows that it's not<br>

vulnerable, nor is STARTTLS on the SMTP endpoint.<br>

<br>

Are there any TLS services that noisebridge hosts?<br>

<br>

Cheers,<br>

jof<br>

<br>

<br>

<br>

On Tue, Apr 8, 2014 at 2:37 PM, Chris Egeland <<a href="mailto:chris@chrisegeland.com" target="_blank">chris@chrisegeland.com</a><br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

wrote:<br>

</blockquote>

  Hello,<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

As I'm sure you all have heard, the Heartbleed SSL vulnerability was<br>

exposed last night.  If you haven't heard about it yet, I urge you to go<br>

to<br>

<a href="http://heartbleed.com/" target="_blank">http://heartbleed.com/</a> and read about it.<br>

<br>

I'm curious, is anyone working to resolve this on Noisebridge's end?<br>

<br>

Thanks,<br>

Chris Egeland<br>

______________________________<u></u>_________________<br>

Rack mailing list<br>

<a href="mailto:Rack@lists.noisebridge.net" target="_blank">Rack@lists.noisebridge.net</a><br>

<a href="https://www.noisebridge.net/mailman/listinfo/rack" target="_blank">https://www.noisebridge.net/<u></u>mailman/listinfo/rack</a><br>

<br>

<br>

</blockquote></blockquote></blockquote></blockquote>

<br>

</div></div></blockquote></div><br></div>