There has been a lot of coverage concerning the following vulnerability:
We are pleased to be able to report that none of our systems are affected because we are currently running OpenSSL version 0.9.8 across the board.
During the current life cycle phase (Production 3) for the release of Linux we are at present using, the vendor is committed to the following:
“Critical Impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate.”
In other words, critical security flaws will be backported to the software versions this release of Linux is running, as appropriate and where necessary.
The end of production phase for this version of Linux is March 31, 2017 with an extended end of life phase running through to Q1 2020.
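The version reasoning above can be checked mechanically. The following is an added example, not part of the original notice: a shell function that classifies an `openssl version` banner against the upstream releases that shipped the Heartbleed bug (1.0.1 through 1.0.1f, and 1.0.2-beta1). The function names, result labels and sample banners are constructed for illustration. Because vendors backport fixes without changing the upstream version string, a result in the affected range means the vendor advisory must be checked, not that the host is vulnerable.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner against the upstream
# releases that shipped the Heartbleed bug (1.0.1 through 1.0.1f, 1.0.2-beta1).

classify_openssl() {
    # $1: banner as printed by `openssl version`.
    # The second whitespace-separated field is the version token.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case $ver in
        # 1.0.1 with no letter or a letter a-f, optionally followed by a build
        # tag such as -fips. 1.0.1 pre-releases also land here (conservative).
        1.0.1|1.0.1[abcdef]|1.0.1-*|1.0.1[abcdef]-*)
            echo "affected-range" ;;
        1.0.2-beta1|1.0.2-beta1-*)
            echo "affected-range" ;;
        # Any other x.y.z token: 0.9.8, 1.0.0, 1.0.1g and later.
        [0-9]*.[0-9]*.[0-9]*)
            echo "outside-range" ;;
        *)
            echo "unknown" ;;
    esac
}

report() {
    verdict=$(classify_openssl "$1")
    case $verdict in
        affected-range)
            note="confirm the vendor's backported fix is installed" ;;
        outside-range)
            note="outside the upstream affected releases" ;;
        *)
            note="could not parse a version" ;;
    esac
    printf '%-40s %-15s %s\n' "$1" "$verdict" "$note"
}

# Constructed sample banners (not taken from the original page).
report "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008"
report "OpenSSL 1.0.1e-fips 11 Feb 2013"
report "OpenSSL 1.0.1g 7 Apr 2014"

# Check the local binary too, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    report "$(openssl version)"
fi
```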
You can test if a site is vulnerable to this issue using one of the following online scanning services:
Heartbleed test by Filippo Valsorda:
Qualys SSL Labs:
This is a comprehensive SSL test. Regarding Heartbleed specifically though, if all is well, the results will report:
“This server is not vulnerable to the Heartbleed attack. (Experimental)”
Remember though, just because a site is OK now, doesn’t mean it wasn’t affected in the first place. If you are uncertain even though the above test(s) are coming back clean, you should log out of the service and change your passwords. Also consider using two-factor authentication where available.
For further information on password security, please also see:
Responses from the Major Players:
Mashable have created a substantial list of major sites and listed any response they’ve had from them:
- Mashable: The Heartbleed Hit List: The Passwords You Need to Change Right Now:
- Very nicely written blog article from AgileBits, the creators of 1Password (which is highly recommended for keeping good passwords and keeping them safe!):
- Netcraft provide a good general overview:
- The following website appears to be owned by the people who discovered this (Codenomicon) and provides a comprehensive FAQ:
- In-depth write-up of what this looks like from a system administrator's perspective:
- BBC news: Scramble to fix huge ‘heartbleed’ security bug:
- BBC news: Heartbleed Bug: Tech firms urge password reset:
- Tom's Guide article explaining which large sites like Yahoo! and Google you need to look at changing your passwords on, with solid advice about logging out and back in again on mobile devices too:
- Another article discussing which large websites have been affected: