PI and the Heartbleed bug

Similar Messages

• Does the SCCM updates manager use OpenSSL, and is it vulnerable to the Heartbleed bug?

  I'm 99.99% positive I know the answer, but my boss wants to know for SURE. Does the SCCM updates manager use OpenSSL, and is it vulnerable to the Heartbleed bug?
  Thank you for appeasing him.

  I must be misunderstanding something here. Would you please help me understand why this isn't answerable here? How does this have anything to do w/ our TAM? SCCM is SCCM regardless of where we got it, right? I'm quite perplexed, so thank you for
  clearing this up.
  My guess is liability. What if we're wrong? Very few people who frequent these forums are actual Microsoft employees.
  If you want a 'for sure' answer, you're best off contacting Microsoft directly IMHO.
  Don't retire TechNet! -
  (Don't give up yet - 12,830+ strong and growing)

• Is there a fix for the Heartbleed bug for iMac, iPad, iPod?

  I just read an article that Google has come out with a fix for PC users to download so they will not be affected by the Heartbleed bug.  I was wondering if Apple has come out with a security fix of their own yet?  

  MsAnnieB2 wrote:
  I just read an article that Google has come out with a fix for PC users to download so they will not be affected by the Heartbleed bug.
  I've searched for this on Google, but have not found anything. Can you tell me more? If they have found a solution for PC's then there is a good chance it can be made to work with Macs.
  I was wondering if Apple has come out with a security fix of their own yet?  
  Although the information you were given is the best available at this time, it really don't feel it adequately answered your question.
  As far as I have been able to find out, all computer users are equally impacted by this issue and there is no way to protect yourself other than to stay off of secure sites until they have told you they are safe. Don't even go onto those sites to change your password until you know that they are safe.

• Do I need to take any action over the Heartbleed bug?

  Do I need to take any action over the Heartbleed bug?

  You can use this website test the sites, like banking sites, for protection to the Heartbeat issue: Qualys SSL Labs - Projects / SSL Server Test.
  Just enter the URL of the site and it will test it for compliance.
  OT

• Does the Heartbleed Bug affect macs?

  I have been hearing about the heartbleed bug and just wondering if it is affecting Apple products?

  The Heartbleed issue is a server, not a client, issue. In short, yes, it doesn't matter what you are running to connect to a site, the issue lies in what the server has installed for SSL. But the risk is not in infecting your Mac as much as stealing your login and other information.
  This might help you to understand what is happening: http://tidbits.com/article/14662?rss&utm_source=feedburner&utm_medium=feed&utm_c ampaign=Feed%3A+tidbits_main+%28TidBITS%3A+Mac+News+for+the+Rest+of+Us%29

• Verizon Router & the Heartbleed bug

  Is my router's firmware up to date as per the Heartbleed bug? Apple had to update its AirPort routers firmware, so is my Verizon router secure? Anyone know or can help?
  My question stems from the CNNMoney article...
  money.cnn.com/2014/04/24/technology/security/heartbleed-security/index.html?iid=Lead
  So I figured to ask and the "Ask Verizon" auto agent is useless for questions like this. thx

  I've asked someone in-the-know at Verizon, and they have indicated the FiOS routers do not suffer from the Heartbleed bug.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• As a Mac user, what action do I take in relation to the Heartbleed bug?

  As a Mac user, what action do I take in relation to the Heartbleed bug?

  None except don't visit servers that have not updated their openssl server.

• How is the "heartbleed" bug affecting android devices?

  How is the "heartbleed" bug affecting android devices?

  This would be a great place to start. There are plenty of documentation on the MDN to get you started.
  https://developer.mozilla.org/en-US/docs/Extensions/Firefox_on_Android

• HT6162 does update cover the 'Heartbleed' bug?

  does the recent update for IOS include the open SSL fix for the heartbleed bug?

  Joe_depo wrote:
  does the recent update for IOS include the open SSL fix for the heartbleed bug?
  As others have said, nothing can be fixed on your end. You need to stay off of secure sites where you post privacy information until they have told you it's safe to use. If they tell you they fixed the problem then you need to change your password then, but not before it's fixed.

• What should Mac users do about the Heartbleed bug?

  I've been reading about this new Heartbleed bug where you should change all your passwords. It seems these days that quite frequently something like this appears, and the first thing they tell you is to change all your passwords. I would just like to know from someone who knows what they are talking about how Mac devices are affected by Heartbleed. do I need to make a mad dash to change all my passwords?

  The short answer to your first question is - if you're worried, change your password. Better safe than sorry. If it's just a few sites, it shouldn't be too onerous a task, hopefully.
  Gaining access to one site does not allow an intruder to access other sites.
  When you say "log into" Youtube or Google - just to clarify:
  - If you use your web browser to go to youtube.com, and view videos, or you go to google.com, and do a search for something, technically you're not logging in. You're just visiting. This poses no risk to you.
  - However, if you go to youtube.com, or google.com, and click "Sign in", and enter a user name (usually an email address) and password, then you're logging in, and your password and other information may be at risk.
  When you visit Google, look at the very top of the screen. If you see your name there, you're signed in, and you DO have a Google account. If you don't, you're not signed in, and from what you say, you probably don't have a Google account.
  The only way that email might be affected is if you regularly access your email through the web (ie, you log onto http://comcast.net), and your mail host (Comcast) tells you that they were susceptible to Heartbleed. Accessing mail through a mail application (the Mail app on your Mac, for example) is not affected by this issue. It's really all about websites. Most applications, such as iTunes, are not affected. (I say "most" because some may have used OpenSSL to access services, or are linked to sites which use OpenSSL - such as Dropbox.)
  Matt

• Has anyone started making all the password changes necessary to ward off the effects of the Heartbleed bug?

  Everything I have read about Heartbleed is enough to make you go back to the age before computers. However, even if you did, the support systems for everything these days is computer based. So there's no escaping it. Plus this is only the beginning. I wonder what will be next?
  Anyway, I have started making password changes after carefully checking each website for vulnerability. It is a tedious process to say the least. It is painstakingly slow.
  Does anyone have any ideas to make this process easier and less painful?

  This may not help you this time but I use LastPass as my password manager and they made it very easy because they very quickly released a tool that allowed me to automatically check all of my stored passwords and alert me to which ones were for affected sites and whether or not the site had yet corrected the problem. Additionally LastPass has always been able to sense when I make a password change for a site that I have a stored password and makes it easy to store the change. It also has a capability to generate passwords with random characters, etc. http://blog.lastpass.com/2014/04/lastpass-now-checks-if-your-sites-are.html
  In terms of help for this time, the password generation ability and the ability to store the passwords is something that may make your job easier.

• Is Microsoft NPS affected by an equivalent of the heartbleed bug that affects free radius

  Is NPS based on a version of Open SSL and if so will there be a patch soon to mitigate against the heartbleed bug

  Thank you, and please accept my apologies, I am not technically inclined to your level and if I may broach the subject once more - I have sensitive data other than bank and email,
  Are there Registry lines or msinfo32 identifications that would disclose if I was running or have the OPENSSL - I am running x64 Win7, Nod32, use the Windows Firewall, have updated Java, use Google, and Mozilla. No programs are allowed to access the internet
  without first being given permission (pdf and word)
  And once again, I do apologize for my limited knowledge  . . . have to reboot . . . just had 11 security updates 
  OpenSSL is shipped as a standalone and portable tool, so it may be unzipped to a folder without installation, therefore msinfo and Programs and Features applet will not tell you definitely.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Transfering old documents and the helvetica bug

  Is there any way of avoiding the helvetica bug when transfering old documents?
  I have thousands of documents created on an I book power PC G 3, 500 MHz, OS 10.3 and AW 6.2.9. These have chicago script and when transfered to mac book 1.83 GHz, OS10.4 and AW 6.2.9, they now have helvetica text which I find difficult on the eye. It would a pain to individually change them to another text. There does not appear to be chicago text on the macbook. The AW on the I book was upgraded from clarisworks to the latest version but the AW on the macbook was a new version out of the box, then upgraded to 6.2.9.
  I aplogise in advance because I think this is question may already be answered but I couldn't find it in discussions.
  Eamonn Lim

  Hi Eamonn,
  I think the key line in your post is this one:
  "There does not appear to be chicago text on the macbook."
  If that;s the case, then what you're seeing may be font substitution, rather than the Helvetica bug. This could be good news or bad.
  If you still have your iBook G3, you may be able to transfer the Chicago font from it to your MacBook. If that's possible, If the MacBook recognizes the font, and If it's not the Helvetica bug, just having the font avbailable should cure the problem.
  The bad news? If any of the three conditions above aren't true, you may be stuck with changing them individually.
  Even the bad news isn't all bad though, if are set entirely in Chicago. You'll only need to change each document once, and won't need to change it at all until the first time you open it.
  Open the document, press command-A to Select All, choose the new font, click anywhere to deselect, then Save the document. Then carry on with reading the document.
  If it IS the dreaded Helvetica bug, a search of the forum on "helvetica" will bring up instructions on solving.
  And I suspect it's possible to do a batch change of the documents' fonts using an AppleScript, if the 'do as needed' approach doesn't fit your needs.
  Regards,
  Barry

• Is RTMPS affected by the Heartbleed bug?

  Or any component for using RTMPS? For example: Adobe Media Server, Flash Player (on Windows, Mac, etc.)?
  Please let me know.
  Thanks.

  Hi Namita,
  I just found this thread : OpenSSL vulnerability 6 Aug 2014 from August and it says AMS 5.0.6 has the fix for the bug. So other versions 5.0.1 through 5.0.5 are affected by the bug?
  Could you please clarify?
  Thanks a bunch.

• Lovely! I have to sign in to ask if it is safe to sign in because of the Heartbleed bug.

  Nice! I suppose you need some control over who posts, but if you had put a statement on your website I would not have had to ask.

  More information.
  http://www.androidcentral.com/google-updates-back-end-light-heartbleed-vulnerability