OpenSSL Heartbleed

People are hard at work today patching OpenSSL due to the Heartbleed bug (CVE-2014-0160).

There’s tons of information pouring out as package repositories are rapidly updating to the latest OpenSSL 1.0.1g release that came out yesterday. If you want to see if your server is vulnerable, you can run this:

openssl version -a

If you are anywhere in the 1.0.1 to 1.0.1f (inclusive) range or have a compile time earlier than yesterday, you should look to upgrade. For Ubuntu servers, you can find information on how to upgrade here, or here if you are running Lucid (10.04). There’s also a useful python script that will allow you to test your sites for being vulnerable. Do not use that script for anything other than testing your own sites! I’m sure we all have enough to deal with today :)

Determining the Right CND Tool for a Job

Throughout the day a SOC team uses dozens of tools to complete tasks in a few minutes that would normally take much longer. Tools improve...… Continue reading

CRITs Authentication

Published on June 24, 2014

CRITs: Collaborative Research Into Threats

Published on June 18, 2014