Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Testing for Heartbleed InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Testing for Heartbleed

Published: 2014-04-09
Last Updated: 2014-04-09 21:53:10 UTC
by Mark Hofman (Version: 1)
6 comment(s)

There are a fair few sites popping up testing for this issue.  I know this is possibly overly motherly, sorry, but be careful.  You may not know who is running the site, what they are actually testing for and what is done with the information collected.  Consider sticking to the main sites and known security organisations.  

Metasploit now has a module out (https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ssl/openssl_heartbleed.rb). NMAP likewise has a check.  QUALYS has their SSLLABS page.  Other security vendors are also providing checks in their scanning products.  

Not saying the free scanners are "evil", just saying be careful what you use.  

Cheers

Mark H

Keywords:
6 comment(s)
Diary Archives