Bodhi, I agree, and it's even more problematic if you run servers on the internet, as I do. I don't actually have anything of value sitting behind Apache TLS here -- I do run https on one server, but it's really only to experiment with. However, https seems to be the service everyone is interested in. I'm personally more concerned as to whether I need to regenerate my sendmail TLS keys, and whether my DNS servers could have been breached. Even NTP is apparently affected, although I can't conceive what useful data could have been purloined there. I understand sshd is safe -- apparently it uses the openssl crypto libs, but implements its own secure channel, not employing TLS.
FWIW, I've been keeping the following URL in a browser tab:
http://tif.mcafee.com/heartbleedtest
Before I visit any site that is at all sensitive, I plug the site domainname into it. So far, every site I've encountered has been patched according to McAfee. Of course, I understand there are still half a million sites waiting for new site certs, so a patched openssl may not be the total answer, but for now I suppose it is the best we can do.
Just patched the last of my Pogoplugs. The only unpatched box I apparently have right now is Linux Mint, but it's sitting behind a firewall and doesn't serve up anything. Anyway, it's past time to hit the sack.
Thanks again.
FWIW, I've been keeping the following URL in a browser tab:
http://tif.mcafee.com/heartbleedtest
Before I visit any site that is at all sensitive, I plug the site domainname into it. So far, every site I've encountered has been patched according to McAfee. Of course, I understand there are still half a million sites waiting for new site certs, so a patched openssl may not be the total answer, but for now I suppose it is the best we can do.
Just patched the last of my Pogoplugs. The only unpatched box I apparently have right now is Linux Mint, but it's sitting behind a firewall and doesn't serve up anything. Anyway, it's past time to hit the sack.
Thanks again.
