Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

How to know if a Linux-based computer is affected by Heartbleed?

C

Cubytus

macrumors 65816
Original poster
Mar 2, 2007
1,444
25
Hello there,

I have a MyBook Live, running a stripped-down Debian, and would like to know what would be the way to check if it's affected by the Heartbleed bug, and if so, how to secure it. Currently it is not accessible from the Internet, but all my small devices are running a version of Linux, so that would be useful for the others.
 
Cubytus said:
Hello there,

I have a MyBook Live, running a stripped-down Debian, and would like to know what would be the way to check if it's affected by the Heartbleed bug, and if so, how to secure it. Currently it is not accessible from the Internet, but all my small devices are running a version of Linux, so that would be useful for the others.
Click to expand...

The first thing to do is check your version of OpenSSL. Only specific version numbers contain the Heartbeat code, and that feature is the only thing that's vulnerable to Hearbleed.

See here for the openSSL versions affected:
http://en.wikipedia.org/wiki/Heartbleed#Affected_servicesd

The second thing to do is run a test. There are public services and published code that can do this. See here:
http://en.wikipedia.org/wiki/Heartbleed#Vulnerability_testing_services
 
I recently tried Linux for the first time as a VM. Pretty cool OS actually, hard to believe it's totally free. If I ever need a new computer and can't afford a Mac, it's Linux all the way for me. I'd probably get a Chromebook and install Ubuntu.
 
iBlazed said:
I recently tried Linux for the first time as a VM. Pretty cool OS actually, hard to believe it's totally free. If I ever need a new computer and can't afford a Mac, it's Linux all the way for me. I'd probably get a Chromebook and install Ubuntu.
Click to expand...

Get an actual computer if you're gonna do that. Chromebooks are alright for what they are, but those 32GB SSDs that come standard in all of them will start feeling real constrained real fast once you pair it with a full fledged OS.
 
Renzatic said:
Get an actual computer if you're gonna do that. Chromebooks are alright for what they are, but those 32GB SSDs that come standard in all of them will start feeling real constrained real fast once you pair it with a full fledged OS.
Click to expand...

Not all of them. This one actually has a 320GB HDD.
http://www.amazon.com/Acer-C710-205...qid=1397350549&sr=8-2&keywords=chromebook+hdd

Regardless, I hope I never have to downgrade to something like that. After a MBA everything else just feels cheap.
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
iBlazed said:
I recently tried Linux for the first time as a VM. Pretty cool OS actually, hard to believe it's totally free. If I ever need a new computer and can't afford a Mac, it's Linux all the way for me. I'd probably get a Chromebook and install Ubuntu.
Click to expand...
Funny, I came familiar with Mac OS X using Linux first :)

chown33 said:
The first thing to do is check your version of OpenSSL. Only specific version numbers contain the Heartbeat code, and that feature is the only thing that's vulnerable to Hearbleed.

See here for the openSSL versions affected:
http://en.wikipedia.org/wiki/Heartbleed#Affected_servicesd

The second thing to do is run a test. There are public services and published code that can do this. See here:
http://en.wikipedia.org/wiki/Heartbleed#Vulnerability_testing_services
Click to expand...
Ok, so I tested all Unix-Like machines using the
Code: 
openssl version -a
command.

MacBook: 0.9.8y
MacBook Pro: 1.0.1f (AFFECTED, still no patch from Apple)
MyBook Live: 0.9.8g
Raspberry Pi: 1.0.1e (AFFECTED)
PC: 1.0.1 (AFFECTED)
iPad, iPhone: 0.9.8y
Router: unknown. Has https interface but no openssl? Not sure I understand how openSSL is linked to openSSH.
 
Cubytus said:
Funny, I came familiar with Mac OS X using Linux first :)
Click to expand...

I came familiar with Macs after causing damage to my home when I forgot to open the window before throwing my Dell out of it. :D

That was in 2005. I had to reformat that hard drive and reinstall XP on it every couple of months. I reached the end of my rope and bought a 14 inch iBook G4. Never looked back from there. Windows free for almost a decade!
 
iBlazed said:
Not all of them. This one actually has a 320GB HDD.
http://www.amazon.com/Acer-C710-205...qid=1397350549&sr=8-2&keywords=chromebook+hdd
Click to expand...

Well hell. I learned something new.

Regardless, I hope I never have to downgrade to something like that. After a MBA everything else just feels cheap.
Click to expand...

Well, yeah. You're looking at Chromebooks. Even the best of the best among them won't come close to comparing to an MBA. If you want to go whole hog into Linux from a Mac, get a good, comparable PC to run it on. My picks would be the new Razer Blade 14" or an Asus Zenbook Prime (both with nice high density displays, which I'm starting to think is an absolute must these days).
 
As an Amazon Associate, MacRumors earns a commission from qualifying purchases made through links in this post.
Cubytus said:
Router: unknown. Has https interface but no openssl? Not sure I understand how openSSL is linked to openSSH.
Click to expand...

Why bring up openSSH? Is that something your router supports or uses?

I googled search terms openssh openssl and found several articles saying that OpenSSH doesn't have the vulnerability. Here's one:
http://www.net-security.org/secworld.php?id=16661
OpenSSH does not seem to be susceptible to the vulnerability as OpenSSL is used for key generation, but not communication.

Maybe you should identify your exact router model, so we know what you're referring to. Vagueness is a liability in solving potential security problems.


Test the router using an "offline test" program against the HTTPS server in the router. A Python one was linked to in the Wikipedia article I linked earlier. Python is available by default in Mac OS X, in Terminal.app. I also know of one written in Go, but you're unlikely to have that language, so it's less useful.


Most (if not all) routers by default don't have a public-facing configuration service. That is, from the "internet" side, you can't reach the router's builtin server. There is typically an option to enable this capability, but unless there's a very good reason, don't. Obviously, this varies by router and manufacturer.

Also, the router may present only an HTTP configuration service to the LAN. HTTPS may need to be enabled, and HTTP disabled. Again, the options here are usually configurable.
 
This is a standard dd-wrt. I connect to it through SSH, but for some reason the https interface just let me down. Script returns "Connection refused".

I tried to re-enable the HTTPS interface following these instructions, but they don't work. Although Internet access is fine, there's no interface showing up. Connection is only possible through SSH.
 
I manually set it at 8080, and tried to open the web interface both at 8080 and 443. None work.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back