[Rack] Heartbleed SSL Vulnerability

Jonathan Lassoff jof at thejof.com
Tue Apr 8 14:12:23 UTC 2014 

Ah, yeah, that's a possibility.

https://github.com/titanous/heartbleeder has worked well for me, though it
lacks STARTTLS support.

There's also this gist: https://gist.github.com/takeshixx/10107280


On Tue, Apr 8, 2014 at 3:09 PM, Chris Egeland <chris at chrisegeland.com>wrote:

> http://rehmann.co/projects/heartbeat/?domain=noisebridge.
> net&port=443&submit=Submit
>
> It's possible the tool is reporting false positives due to the amount of
> people using it.  I know the tool located at http://filippo.io/Heartbleed/was having some false positives for a while.
>
> Chris
>
>
> On 4/8/2014 10:00 AM, Jonathan Lassoff wrote:
>
>> Which tool were you using that was reporting a vulnerability?
>>
>>
>> On Tue, Apr 8, 2014 at 2:51 PM, Chris Egeland <chris at chrisegeland.com
>> >wrote:
>>
>>  jof,
>>>
>>> Thanks for looking into this.  I tried testing with a couple of tools
>>> online on noisebridge.net, some were reporting that they were
>>> vulnerable.
>>>   However, if there is no cause for concern, I will simply attribute the
>>> tool to being a false positive.
>>>
>>> Best of luck with this today.
>>>
>>> Chris
>>>
>>>
>>>
>>> On 4/8/2014 9:42 AM, Jonathan Lassoff wrote:
>>>
>>>  I'm super busy patching this for my commercial work, however a cursory
>>>> testing of the HTTPS service for noisebridge.net shows that it's not
>>>> vulnerable, nor is STARTTLS on the SMTP endpoint.
>>>>
>>>> Are there any TLS services that noisebridge hosts?
>>>>
>>>> Cheers,
>>>> jof
>>>>
>>>>
>>>>
>>>> On Tue, Apr 8, 2014 at 2:37 PM, Chris Egeland <chris at chrisegeland.com
>>>>
>>>>> wrote:
>>>>>
>>>>   Hello,
>>>>
>>>>> As I'm sure you all have heard, the Heartbleed SSL vulnerability was
>>>>> exposed last night.  If you haven't heard about it yet, I urge you to
>>>>> go
>>>>> to
>>>>> http://heartbleed.com/ and read about it.
>>>>>
>>>>> I'm curious, is anyone working to resolve this on Noisebridge's end?
>>>>>
>>>>> Thanks,
>>>>> Chris Egeland
>>>>> _______________________________________________
>>>>> Rack mailing list
>>>>> Rack at lists.noisebridge.net
>>>>> https://www.noisebridge.net/mailman/listinfo/rack
>>>>>
>>>>>
>>>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/rack/attachments/20140408/25341ec8/attachment-0003.html>

More information about the Rack mailing list