Monday, April 14, 2014

Scan, Scan, and Scan Again for Heartbleed

Whatever scanner you choose to use, make sure to scan your resources thoroughly, both before and after you patch.

Why? Read through this thread:

Red Hat released a patch, but people who scanned their systems after applying it were still showing as vulnerable. It turned out that an add-on called mod_spdy was still vulnerable to Heartbleed, which left the Red Hat patch ineffective on those hosts.

So, even after you've patched, scan again.

I would argue that it is a good idea to set up a recurring, regular Heartbleed scan (possibly folded into your external and internal port scans) for the foreseeable future. I'd like to think that no one will build new software against the vulnerable versions of OpenSSL, but the chances that a vulnerable version gets slipped into a product (by accident or intentionally) are probably pretty high.
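The mod_spdy case above is the general problem: the system libssl is not the only copy of OpenSSL on a host, and a vendor patch for the system library does not touch a copy that an add-on bundles for itself. The script below is an added example, not code from this post or from any scanner it mentions: it walks a directory tree, pulls the "OpenSSL x.y.z" version strings that compiled objects carry, and flags files whose embedded copy falls in the Heartbleed-affected upstream range (1.0.1 through 1.0.1f, plus 1.0.2-beta1). All function names are my own, and the two "binaries" it scans are constructed byte blobs written to a temporary directory, standing in for a patched system libssl next to a module with its own older build.

```python
"""
Find copies of OpenSSL embedded in files on disk and flag any whose
version string falls in the Heartbleed-affected upstream range.

Caveat: distributions often backport fixes without bumping the version
string, so a hit here is a lead to confirm with a live scan, not proof
of vulnerability; a miss is not proof of safety either. Scanning the
running service before and after patching remains the authoritative check.
"""
import os
import re
import tempfile

# Version strings as they appear inside compiled objects,
# e.g. b"OpenSSL 1.0.1e-fips 11 Feb 2013". A "-fips" suffix is ignored.
VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?(?:-beta\d+)?)")


def in_heartbleed_version_range(version: str) -> bool:
    """True for upstream versions that shipped the Heartbleed bug:
    1.0.1 through 1.0.1f, and 1.0.2-beta1. Everything else is False."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-beta(\d+))?", version)
    if not m:
        return False
    base = tuple(int(x) for x in m.group(1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if base == (1, 0, 1):
        # 1.0.1 (no letter) up to and including 1.0.1f; 1.0.1g carried the fix
        return letter <= "f"
    if base == (1, 0, 2):
        # only the first 1.0.2 beta was affected
        return beta == "1"
    return False


def find_openssl_versions(data: bytes) -> list:
    """Distinct OpenSSL version strings embedded in a blob, in order of
    first appearance."""
    found = [m.group(1).decode("ascii") for m in VERSION_RE.finditer(data)]
    return list(dict.fromkeys(found))


def scan_file(path: str) -> list:
    """[(version, in_affected_range), ...] for one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [(v, in_heartbleed_version_range(v)) for v in find_openssl_versions(data)]


def scan_tree(root: str) -> dict:
    """Scan every regular file under root. Returns {path: scan_file(path)}
    for the files that contain at least one OpenSSL version string."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue  # skip sockets, broken symlinks and the like
            try:
                hits = scan_file(path)
            except OSError:
                continue  # unreadable file; keep going
            if hits:
                results[path] = hits
    return results


def flagged_files(results: dict) -> list:
    """Sorted basenames of files carrying at least one affected-range copy."""
    return sorted(os.path.basename(p) for p, hits in results.items()
                  if any(flag for _v, flag in hits))


def build_sample_tree() -> str:
    """Constructed sample data, not real binaries: a patched system libssl
    next to an add-on module that bundles its own, older OpenSSL, plus a
    file with no version string. Returns the temporary directory used."""
    root = tempfile.mkdtemp(prefix="heartbleed-scan-")
    samples = {
        "libssl.so": b"\x7fELF\x00\x00OpenSSL 1.0.1g 7 Apr 2014\x00",
        "mod_spdy.so": b"\x7fELF\x00\x00OpenSSL 1.0.1e 11 Feb 2013\x00",
        "README": b"no version string in here\n",
    }
    for name, blob in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(blob)
    return root


if __name__ == "__main__":
    for path, hits in sorted(scan_tree(build_sample_tree()).items()):
        for version, flagged in hits:
            status = "IN AFFECTED RANGE, confirm with a live scan" if flagged else "ok"
            print(f"{path}: OpenSSL {version} {status}")
```

Run it against a real tree (for example the web server's module directory and any application directories that ship their own libraries) and feed every flagged path into the before-and-after network scan the post recommends; the version-string check only tells you where to look, the live scan tells you whether the service is still exposed.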