Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: InfoSec Handlers Diary Blog - INFOCon Green: Heartbleed - on the mend InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

INFOCon Green: Heartbleed - on the mend

Published: 2014-04-14
Last Updated: 2014-04-14 14:21:08 UTC
by Kevin Shortt (Version: 1)
9 comment(s)

We are going back to INFOCon Green today.   Things have stabilized and the INFOCon is used to indicate change.  Awareness of Heartbleed is well saturated and Internet teams everywhere appear to be responding appropriately.  

Some points to be aware:

  • Patching will continue and hopefully fill remaining gaps.
  • Certificate Revocation Lists (CRLs) will grow, which may lead to slower load times in some cases. Please let us know if you are observing CRL issues.
  • There is no practical way to identify if a certificate has actually been updated, unless you recorded the certificate serial number.   It is common to check the creation date, BUT a CA can re-issue a new certificate and keep the original creation date. This is silly but should be noted.
  • The client side (wget, curl, etc...) of Heartbleed is mostly a non-issue, but there are a few exceptions. Watch for VPN client updates.
  • Certificates continue to be revoked.  We have taken the liberty to look at the CRL counts of sixteen different CA's since April 1, 2014. 

In summary,  please keep scanning and patching all of your servers and encourage all end users to change their passwords after a site's certificate has been updated.


-Kevin
--
ISC Handler on Duty

9 comment(s)
Diary Archives