Rolling Windows and Sticky Bytes

<tagline type="clever"/>

Heartbleed OpenSSL Vulnerability

The Heartbleed SSL vulnerability is big news in the media right now (and rightly so — it’s a scary bug).

I’ve been contacted by some organizations and software vendors and I’ve contacted others about it. I thought I would compile the list here, mainly for my own reference.

Financial / Banking

President’s Choice Financial – Not Affected (a telephone rep confirmed they do not use the affected versions of OpenSSL)

CIBC – Reply pending but likely unaffected (they provide banking services to PC Financial)

Online Services

CACert – Recommends revoking and regenerating any certificates or keys installed on vulnerable systems

GitHub – Recommends changing your password, enabling two-factor auth and resetting all your tokens

Amazon Web Services – Recommends upgrading OpenSSL on any vulnerable systems (EC2), running update_dependencies for OpsWorks and rotating any keys and certificates for Elastic Load Balancing, EC2, Elastic Beanstalk and CloudFront

Software

VisualSVN – VisualSVN Server is not affected. The client should be upgraded to version 4.0.6.

Games

Minecraft (and other Mojang games) – Recommends changing your password

No Comments »