[Rack] Heartbleed SSL Vulnerability
Chris Egeland
chris at chrisegeland.com
Tue Apr 8 14:09:17 UTC 2014
http://rehmann.co/projects/heartbeat/?domain=noisebridge.net&port=443&submit=Submit
It's possible the tool is reporting false positives due to the amount of
people using it. I know the tool located at
http://filippo.io/Heartbleed/ was having some false positives for a while.
Chris
On 4/8/2014 10:00 AM, Jonathan Lassoff wrote:
> Which tool were you using that was reporting a vulnerability?
>
>
> On Tue, Apr 8, 2014 at 2:51 PM, Chris Egeland <chris at chrisegeland.com>wrote:
>
>> jof,
>>
>> Thanks for looking into this. I tried testing with a couple of tools
>> online on noisebridge.net, some were reporting that they were vulnerable.
>> However, if there is no cause for concern, I will simply attribute the
>> tool to being a false positive.
>>
>> Best of luck with this today.
>>
>> Chris
>>
>>
>>
>> On 4/8/2014 9:42 AM, Jonathan Lassoff wrote:
>>
>>> I'm super busy patching this for my commercial work, however a cursory
>>> testing of the HTTPS service for noisebridge.net shows that it's not
>>> vulnerable, nor is STARTTLS on the SMTP endpoint.
>>>
>>> Are there any TLS services that noisebridge hosts?
>>>
>>> Cheers,
>>> jof
>>>
>>>
>>>
>>> On Tue, Apr 8, 2014 at 2:37 PM, Chris Egeland <chris at chrisegeland.com
>>>> wrote:
>>> Hello,
>>>> As I'm sure you all have heard, the Heartbleed SSL vulnerability was
>>>> exposed last night. If you haven't heard about it yet, I urge you to go
>>>> to
>>>> http://heartbleed.com/ and read about it.
>>>>
>>>> I'm curious, is anyone working to resolve this on Noisebridge's end?
>>>>
>>>> Thanks,
>>>> Chris Egeland
>>>> _______________________________________________
>>>> Rack mailing list
>>>> Rack at lists.noisebridge.net
>>>> https://www.noisebridge.net/mailman/listinfo/rack
>>>>
>>>>
More information about the Rack
mailing list