[Rack] Heartbleed SSL Vulnerability

[Chris Egeland]

http://rehmann.co/projects/heartbeat/?domain=noisebridge.net&port=443&submit=Submit

It's possible the tool is reporting false positives due to the amount of 
people using it.  I know the tool located at 
http://filippo.io/Heartbleed/ was having some false positives for a while.

Chris

On 4/8/2014 10:00 AM, Jonathan Lassoff wrote:
> Which tool were you using that was reporting a vulnerability?
>
>
> On Tue, Apr 8, 2014 at 2:51 PM, Chris Egeland <chris at chrisegeland.com>wrote:
>
>> jof,
>>
>> Thanks for looking into this.  I tried testing with a couple of tools
>> online on noisebridge.net, some were reporting that they were vulnerable.
>>   However, if there is no cause for concern, I will simply attribute the
>> tool to being a false positive.
>>
>> Best of luck with this today.
>>
>> Chris
>>
>>
>>
>> On 4/8/2014 9:42 AM, Jonathan Lassoff wrote:
>>
>>> I'm super busy patching this for my commercial work, however a cursory
>>> testing of the HTTPS service for noisebridge.net shows that it's not
>>> vulnerable, nor is STARTTLS on the SMTP endpoint.
>>>
>>> Are there any TLS services that noisebridge hosts?
>>>
>>> Cheers,
>>> jof
>>>
>>>
>>>
>>> On Tue, Apr 8, 2014 at 2:37 PM, Chris Egeland <chris at chrisegeland.com
>>>> wrote:
>>>   Hello,
>>>> As I'm sure you all have heard, the Heartbleed SSL vulnerability was
>>>> exposed last night.  If you haven't heard about it yet, I urge you to go
>>>> to
>>>> http://heartbleed.com/ and read about it.
>>>>
>>>> I'm curious, is anyone working to resolve this on Noisebridge's end?
>>>>
>>>> Thanks,
>>>> Chris Egeland
>>>> _______________________________________________
>>>> Rack mailing list
>>>> Rack at lists.noisebridge.net
>>>> https://www.noisebridge.net/mailman/listinfo/rack
>>>>
>>>>