Discussion in 'Business & Enterprise Computing' started by lavi, Jan 28, 2015.
fuck you glib! not what I needed this week
I'll just link the other thread so the same arguments don't get rehashed for the 9000th time ...
It's got a cool name... it's on Reddit... cue News.Com.Au having a 'world is ending' article up about it in the next 3 hours.
if news.com.au don't involve ISIS with it then what's the point?
Spent the morning patching my servers :-/
I wonder how many of the "proprietary" Linux based systems I'm running have the bug also
Personal stuff patched, hopefully it's not one that needs additional patching any time soon. Thankfully somebody else at work looks after this stuff, but I'd be surprised if anything but external-facing systems are touched for some time.
I always wonder that too. I know our camera recorder at work is vulnerable to Heartbleed and various other OpenSSL bugs. I also know the chances of a patch are zero - it doesn't even have a model number, let alone a manufacturer (got it off eBay of course).
The 'internet of things' is going to be a scary place.
For anyone digging deep into this bug, it's serious but nowhere near as exploitable as it's being made out to be. If you read the Qualys report on it, they have an Exim POC but it requires a non-standard config (albeit a common one).
They also analysed a number of common systems with TCP access and found the following NOT to be vulnerable:
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,
Obviously the easy way is to patch and reboot to ensure everything is protected, but at least the likelihood of exploit is lower than first thought.
we did 380 something servers last night ... being a zombie today is an understatement
It already is - I think Philips set the standard for IoT security with their early internet light bulbs.
And various "Smart" TV manufacturers.