Chat / support@radicenter.eu

Heartbleed vulnerability?

1. General info about HeartBleed
2. Does/Has Radicenter have/had this problem/vulnerability?

Some users that have just discovered the Heartbleed vulnerability from internet feeds have wondered that do we have this or not? Some have even used LastPass scanner to determine if they have this bug on their website (usually they get no confirmation there or get some answer that does not say anything). Here I try to clarify:

What this vulnerability is:
Few days ago a vulnerability was found in OpenSSL library that let attacker to get some additional info from servers memory.
Original description HERE
Heartbleed information homepage HERE
More info can be found from CERT-FI webpage
(XKCD has done good job to clarify this by comic HERE)

How to detect this:
– Check your systems OpenSSL library against known vulnerable versions
– LastPass scanner https://lastpass.com/heartbleed/ (NB! Lastpass scanner does not give you correct/true answer as it scans only if apache and OpenSSL are used and whats the website certificate expiration/generation date)
– Filippo.io HeartBleed test http://filippo.io/Heartbleed/ (This test will give you most correct answer as it tries to exploit this vulnerability)

Alexa top 10000 list of vulnerable websites can be found HERE

What is recommended to do to fix this:
More info can be found on links under first section.

Does/Has Radicenter have/had this problem/vulnerability?

We found out about this vulnerability as soon as it was posted on international security feeds on the first day it was found.
Answer is quite simple – Radicenter servers do not have nor will have this vulnerability.
We use only latest stable and secure software on our servers (As vulnerable OpenSSL library did not yet have all bugs sorted out – we did not upgrade to it)

Comments are currently closed.

This website utilizes cookies and similar technologies for functionality and other purposes. Your use of this website constitutes your acceptance of cookies.
Ok, got it.