VULNERABLE - newsblur.com:443 has the heartbeat extension enabled and is vulnerable to CVE-2014-0160

  • Problem
  • Updated 5 years ago
Please update openssl and regenerate a new cert.

http://heartbleed.com/

You can test yourself using this tool: https://github.com/titanous/heartbleeder

Troy


Posted 5 years ago


Samuel Clay, Official Rep

I'm planning to restart HAProxy in a few hours when traffic is lower. I've already patched OpenSSL.

polpo

BTW, HAProxy supports graceful restarts that don't break connections, with the -sf command line parameter. http://www.mgoff.in/2010/04/18/haprox...

Samuel Clay, Official Rep

I did that but it didn't take, so the server needs a reboot.
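
The exchange above turns on a patched OpenSSL not taking effect until the process using it is really restarted. As an added example (not part of the original thread and not NewsBlur's tooling), this Linux shell check lists processes that still map a libssl/libcrypto file that has been replaced on disk. It assumes a dynamically linked binary; the function names and the sample maps text are constructed for illustration.

```shell
#!/usr/bin/env bash
# After a package upgrade replaces libssl/libcrypto on disk, processes started
# earlier keep the old file mapped; /proc/<pid>/maps marks it "(deleted)".

# Read /proc/<pid>/maps text on stdin; print each distinct replaced
# libssl/libcrypto path still mapped (prints nothing if there is none).
stale_tls_libs() {
    awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
             if (!seen[$6]++) print $6
         }'
}

# Walk every process we are allowed to read; print "pid<TAB>name<TAB>libs".
scan_running() {
    local maps pid libs
    for maps in /proc/[0-9]*/maps; do
        libs=$( { stale_tls_libs < "$maps"; } 2>/dev/null ) || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" \
            "$(printf '%s' "$libs" | tr '\n' ' ')"
    done
}

# Constructed sample: maps of a proxy started before the library upgrade.
SAMPLE_MAPS='00400000-004b2000 r-xp 00000000 08:01 393301 /usr/sbin/haproxy
7f3c1a200000-7f3c1a25a000 r-xp 00000000 08:01 131842 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c1a25a000-7f3c1a45a000 ---p 0005a000 08:01 131842 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3c19e00000-7f3c19fb3000 r-xp 00000000 08:01 131840 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3c1a600000-7f3c1a7be000 r-xp 00000000 08:01 131100 /lib/x86_64-linux-gnu/libc.so.6'

if [ "${1:-}" = "--scan" ]; then
    scan_running    # run as root to see other users' processes
else
    printf '%s\n' "$SAMPLE_MAPS" | stale_tls_libs
fi
```

An empty result from `--scan` after the restart means no readable process still maps the replaced library; a statically linked binary will never show up here and has to be rebuilt or reinstalled instead.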

lgladdy

So, theoretically, we should change our passwords once you've done that, right?

9ttL2DurVffs

Yes. All secrets (keys / certificates) also need to be reissued.

pavel_lishin

As I understand it, there isn't much point to changing passwords until certificates are reissued, correct?

Samuel Clay, Official Rep

Ok, all set. I'll take care of certs soon.

Troy

WOOO! Thanks! To help ease the pain I'm taking my account to the super generous premium.

Erin Flachsbart

Thank you!