Discussion in 'Prevx Releases' started by Esse, Apr 16, 2014.
Like the title says, were/are users of WSA protected from this?
No software on the client's computer can help here. The servers are vulnerable and attackers do not need to intercept your connection or anything like that. They just query vulnerable servers directly.
Btw, it has been proved that clients using software with OpenSSL can be vulnerable as well, so apply updates/patches as normal and follow news on Heartbleed. Examples of vulnerable client software: Tor Browser, Qupzilla browser, LibreOffice (all 3 have released patched versions).
Products from Kaspersky, McAfee, Symantec and others:
Joe, have you already checked if any part of WSA uses a vulnerable version of OpenSSL? (Main, backup/sync, password manager etc.)
And do we need to change passwords?
Thanks for the info.
Edit: I understand that it is on the server side the problem exists.
I had the same question to the guys at Surfright and Marc answered like this:
It could be possible to be alerted (from your security suite) if you visit a server that was not patched. I guess there will be servers out there that will remain without a patch?
What say you, Joe?
You can check the sites where you send sensitive information here:
I agree with Marc's response, and the LastPass tool works quite well to check your existing sites. Neither WSA nor our infrastructure is vulnerable to it.
While I agree that it would be nice to notify the user if the server is unpatched, it will cause users to be confused and think something is wrong on their device, when in fact, there is nothing they can do.
Ok, thanks all.
I will redirect concerned customers to the links provided by vojta.
I have used the LastPass tool. It works very well indeed.
About the LastPass tool, it would be wise to read this:
Thank you, BoerenkoolMetWorst!
Uh oh! Now what do we do?
The other test page that I posted is one of those that work right, according to that article:
Very helpful, thank you!