root@wh33t:~# dpkg -s openssl
Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 901
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.0.1-4ubuntu5.12
Depends: libc6 (>= 2.15), libssl1.0.0 (>= 1.0.1)
Suggests: ca-certificates
Conffiles:
/etc/ssl/openssl.cnf ce31ab5015842bf7c2939514a634e0e4
Description: Secure Socket Layer (SSL) binary and related cryptographic tools
This package contains the openssl binary and related tools.
.
It is part of the OpenSSL implementation of SSL.
.
You need it to perform certain cryptographic actions like:
- Creation of RSA, DH and DSA key parameters;
- Creation of X.509 certificates, CSRs and CRLs;
- Calculation of message digests;
- Encryption and decryption with ciphers;
- SSL/TLS client and server tests;
- Handling of S/MIME signed or encrypted mail.
Original-Maintainer: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
Moved: wh33t's thread was merged into the existing "CVE-2014-0160: Heartbleed Bug: OpenSSL Vulnerability" thread to keep important same-topic threads in one place and get the exposure they deserve.
So if I'm up to date then any ideas why that website says I'm still vulnerable?
Most of them cache the response and don't 'really' check again for a period of time. It can also be a false positive (as mentioned above) or maybe you forgot to restart the http server!?
Please keep in mind that there is still one security bug (which would normally be critical if not eclipsed by heartbleed) still affecting squeeze and wheezy... ( https://security-tracker.debian.org/.../CVE-2014-0076 )
Hmm, what repositories are you searching in?
Keep in mind that "Squeeze" is not affected at all by heartbleed (so no update) and the update for "Wheezy" is in "wheezy-security".
Hi, I hope I'm in the right thread. My question is related to heartbleed so I think it could be useful here...
Some organizations are claiming that they are detecting heartbleed attacks after the fact (e.g., Canada Revenue Agency). For this to be possible, they (or a separate security outfit) would have to be doing some massive traffic recording. They would then have to go back and do some deep packet analysis (of SYN packets only?) to check for abnormal packets to see when a heartbleed attack happened, and what data was leaked by the server. Is this essentially correct? I'd like to know more about this stuff...
Provided you have the hardware and infra it's quite doable: search the old Snort mailing list posts (or Sourcefire docs) for what they say Snort can handle. There exist quite a few Snort and Suricata rules now (those listed below are from FBI Private Industry Notification 140410-001, though obviously the SID numbers are wrong if you run Snort Community, Emerging Threats and/or Sourcefire rule sets):
Code:
# Each rule matches a heartbeat record (type 0x18) of the given version carrying a request (0x01) whose payload-length high byte is non-zero.
alert tcp any any <> any [443,465,563,636,695,898,989,990,992,993,994,995,2083,2087,2096,2484,8443,8883,9091] (content:"|18 03 00|"; depth: 3; content:"|01|"; distance: 2; within: 1; content:!"|00|"; within: 1; msg: "SSLv3 Malicious Heartbleed Request V2"; sid: 1;)
alert tcp any any <> any [443,465,563,636,695,898,989,990,992,993,994,995,2083,2087,2096,2484,8443,8883,9091] (content:"|18 03 01|"; depth: 3; content:"|01|"; distance: 2; within: 1; content:!"|00|"; within: 1; msg: "TLSv1 Malicious Heartbleed Request V2"; sid: 2;)
alert tcp any any <> any [443,465,563,636,695,898,989,990,992,993,994,995,2083,2087,2096,2484,8443,8883,9091] (content:"|18 03 02|"; depth: 3; content:"|01|"; distance: 2; within: 1; content:!"|00|"; within: 1; msg: "TLSv1.1 Malicious Heartbleed Request V2"; sid: 3;)
alert tcp any any <> any [443,465,563,636,695,898,989,990,992,993,994,995,2083,2087,2096,2484,8443,8883,9091] (content:"|18 03 03|"; depth: 3; content:"|01|"; distance: 2; within: 1; content:!"|00|"; within: 1; msg: "TLSv1.2 Malicious Heartbleed Request V2"; sid: 4;)
*Also see Sourcefire Snort SIDs 30510 through 30517, Cisco IPS sigs 4187/0 and 4187/1 and the Fox-IT Snort v1 / v2 sigs.
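The byte test those rules perform, written out as an added Python example (not part of the original post or of the FBI notification), next to a stricter RFC 6520 length check that goes beyond the rules. The sample segments are constructed, and the function names are this example's own.

```python
import struct

HEARTBEAT = 0x18      # TLS record content type 24 (RFC 6520)
HB_REQUEST = 0x01     # heartbeat message type: request
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
MIN_PADDING = 16      # RFC 6520: at least 16 bytes of padding follow the payload


def rule_match(segment: bytes) -> bool:
    """Same byte test as the rules: 18 03 0x, skip 2, 01, then a non-zero byte."""
    return (len(segment) >= 7 and segment[0] == HEARTBEAT and segment[1] == 0x03
            and segment[2] <= 0x03 and segment[5] == HB_REQUEST and segment[6] != 0x00)


def parse_heartbeat(segment: bytes):
    """Return (version, record_len, claimed_payload_len) for a cleartext
    heartbeat request at the start of a TCP payload, else None."""
    if len(segment) < 8:
        return None
    ctype, version, record_len = struct.unpack("!BHH", segment[:5])
    hb_type, claimed = struct.unpack("!BH", segment[5:8])
    if ctype != HEARTBEAT or version not in VERSIONS or hb_type != HB_REQUEST:
        return None
    return VERSIONS[version], record_len, claimed


def overclaims(segment: bytes) -> bool:
    """Stricter check: type + length field + claimed payload + padding
    must fit inside the record, whatever the high byte is."""
    hb = parse_heartbeat(segment)
    if hb is None:
        return False
    _, record_len, claimed = hb
    return 1 + 2 + claimed + MIN_PADDING > record_len


# Constructed samples. Heartbeats sent after the handshake completes are
# encrypted, so both checks only see requests sent in the clear.
BENIGN = bytes.fromhex("1803030018010005") + b"hello" + bytes(16)
LARGE = bytes.fromhex("1803020003014000")   # claims 16384 bytes in a 3-byte record
SMALL = bytes.fromhex("18030100030100ff")   # claims 255 bytes in a 3-byte record

if __name__ == "__main__":
    for name, seg in (("benign", BENIGN), ("large", LARGE), ("small", SMALL)):
        print(name, parse_heartbeat(seg), rule_match(seg), overclaims(seg))
```

The third sample is flagged only by the length comparison, because its claimed length fits in the low byte that the rules do not inspect.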