[security.pimp]

..technology..security..information..freedom..

Death by Heartbleed

With all the news of the Heartbleed SSL flaw in the media this week IT staff have been working to lock things down on servers & services.

Here are 3 Simple ways to Identify if a domain is vulnerable to a Heartbleed

Method 1
From any host running Chrome Web Browser search for and install the following extension
https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

Image

Now browse to the Domain name in question to validate the status.
If the domain is vulnerable you will see a message similar to the following

Image
Method 2
Use a web based service such as the one found here:
http://filippo.io/Heartbleed/

Method 3
For scanning multiple sites at once we have created the following script.

bleeding_hearts.sh

Usage :

‘./bleeding_hearts.sh domain-list.txt’

Output Examples :

'TLS server extension heartbeat'

The above output should be further investigated to verify the vulnerability.

More Info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Da:JAM

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: