How to know if a Linux-based computer is affected by Heartbleed?

Discussion in 'Community Discussion' started by Cubytus, Apr 12, 2014.

  1. Cubytus macrumors 65816

    Joined:
    Mar 2, 2007
    #1
    Hello there,

    I have a MyBook Live, running a stripped-down Debian, and would like to know what would be the way to check if it's affected by the Heartbleed bug, and if so, how to secure it. Currently it is not accessible from the Internet, but all my small devices are running a version of Linux, so that would be useful for the others.
     
  2. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    Location:
    Brobdingnag
    #2
    The first thing to do is check your version of OpenSSL. Only specific version numbers contain the Heartbeat code, and that feature is the only thing that's vulnerable to Heartbleed.

    See here for the openSSL versions affected:
    http://en.wikipedia.org/wiki/Heartbleed#Affected_servicesd

    The second thing to do is run a test. There are public services and published code that can do this. See here:
    http://en.wikipedia.org/wiki/Heartbleed#Vulnerability_testing_services
     
  3. iBlazed macrumors 68000

    Joined:
    Feb 27, 2014
    Location:
    New Jersey, United States
    #3
    I recently tried Linux for the first time as a VM. Pretty cool OS actually, hard to believe it's totally free. If I ever need a new computer and can't afford a Mac, it's Linux all the way for me. I'd probably get a Chromebook and install Ubuntu.
     
  4. Renzatic Suspended

    Joined:
    Aug 3, 2011
    Location:
    Gramps, what the hell am I paying you for?
    #4
    Get an actual computer if you're gonna do that. Chromebooks are alright for what they are, but those 32GB SSDs that come standard in all of them will start feeling real constrained real fast once you pair it with a full fledged OS.
     
  5. iBlazed macrumors 68000

    Joined:
    Feb 27, 2014
    Location:
    New Jersey, United States
    #5
    Not all of them. This one actually has a 320GB HDD.
    http://www.amazon.com/Acer-C710-205...qid=1397350549&sr=8-2&keywords=chromebook+hdd

    Regardless, I hope I never have to downgrade to something like that. After a MBA everything else just feels cheap.
     
  6. Cubytus thread starter macrumors 65816

    Joined:
    Mar 2, 2007
    #6
    Funny, I became familiar with Mac OS X using Linux first :)

    Ok, so I tested all Unix-Like machines using the
    Code:
    openssl version -a
    command.

    MacBook: 0.9.8y
    MacBook Pro: 1.0.1f (AFFECTED, still no patch from Apple)
    MyBook Live: 0.9.8g
    Raspberry Pi: 1.0.1e (AFFECTED)
    PC: 1.0.1 (AFFECTED)
    iPad, iPhone: 0.9.8y
    Router: unknown. Has https interface but no openssl? Not sure I understand how openSSL is linked to openSSH.
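
The version check from posts #2 and #6, as an added example that is not code from any poster: it classifies `openssl version` output against the upstream affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1; fixed in 1.0.1g). The function names and status labels are made up for this example, and the sample version lines are constructed. Distributions often backport the fix without changing the version letter, so `affected-range` means the package changelog or build date still has to be checked.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against the upstream
# Heartbleed range. 1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1 are
# affected; 1.0.1g is the upstream fix; 0.9.8 and 1.0.0 have no heartbeat code.

# $1: first line of `openssl version` (e.g. "OpenSSL 1.0.1e 11 Feb 2013")
#     or a bare version string such as "1.0.1e".
heartbleed_status() {
    ver=${1#OpenSSL }      # drop the product name if present
    ver=${ver%% *}         # keep the first word, the version itself
    ver=${ver%-fips}       # some vendor builds report e.g. 1.0.1e-fips
    case $ver in
        1.0.1|1.0.1[abcdef]|1.0.2-beta|1.0.2-beta1) echo affected-range ;;
        0.9.*|1.0.0*)                               echo pre-heartbeat ;;
        1.0.1[a-z]|1.0.2|1.0.2[a-z]|1.1.*|3.*)      echo fixed-upstream ;;
        *)                                          echo unknown ;;
    esac
}

# $1: full output of `openssl version -a`. Succeeds when the "compiler:" line
# shows the heartbeat extension was compiled out (-DOPENSSL_NO_HEARTBEATS).
heartbeats_disabled() {
    printf '%s\n' "$1" | grep '^compiler:' | grep -q -- '-DOPENSSL_NO_HEARTBEATS'
}

# Versions reported in post #6 of this thread.
for entry in "MacBook:0.9.8y" "MacBook Pro:1.0.1f" "MyBook Live:0.9.8g" \
             "Raspberry Pi:1.0.1e" "PC:1.0.1" "iPad, iPhone:0.9.8y"; do
    printf '%-14s %-8s %s\n' "${entry%%:*}" "${entry#*:}" \
        "$(heartbleed_status "${entry#*:}")"
done

# The local machine, if the openssl command-line tool is installed.
if command -v openssl >/dev/null 2>&1; then
    info=$(openssl version -a 2>/dev/null) || info=
    first=$(printf '%s\n' "$info" | sed -n 1p)
    status=$(heartbleed_status "$first")
    if heartbeats_disabled "$info"; then
        status="$status (heartbeats compiled out)"
    fi
    printf 'local: %s -> %s\n' "$first" "$status"
fi
```

The `openssl` command reports the library it was built against; a service that bundles or statically links its own copy of OpenSSL is not covered by this check.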
     
  7. iBlazed macrumors 68000

    Joined:
    Feb 27, 2014
    Location:
    New Jersey, United States
    #7
    I became familiar with Macs after causing damage to my home when I forgot to open the window before throwing my Dell out of it. :D

    That was in 2005. I had to reformat that hard drive and reinstall XP on it every couple of months. I reached the end of my rope and bought a 14 inch iBook G4. Never looked back from there. Windows free for almost a decade!
     
  8. Renzatic Suspended

    Joined:
    Aug 3, 2011
    Location:
    Gramps, what the hell am I paying you for?
    #8
    Well hell. I learned something new.

    Well, yeah. You're looking at Chromebooks. Even the best of the best among them won't come close to comparing to an MBA. If you want to go whole hog into Linux from a Mac, get a good, comparable PC to run it on. My picks would be the new Razer Blade 14" or an Asus Zenbook Prime (both with nice high density displays, which I'm starting to think is an absolute must these days).
     
  9. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    Location:
    Brobdingnag
    #9
    Why bring up openSSH? Is that something your router supports or uses?

    I googled search terms openssh openssl and found several articles saying that OpenSSH doesn't have the vulnerability. Here's one:
    http://www.net-security.org/secworld.php?id=16661
    OpenSSH does not seem to be susceptible to the vulnerability as OpenSSL is used for key generation, but not communication.

    Maybe you should identify your exact router model, so we know what you're referring to. Vagueness is a liability in solving potential security problems.


    Test the router using an "offline test" program against the HTTPS server in the router. A Python one was linked to in the Wikipedia article I linked earlier. Python is available by default in Mac OS X, in Terminal.app. I also know of one written in Go, but you're unlikely to have that language, so it's less useful.


    Most (if not all) routers by default don't have a public-facing configuration service. That is, from the "internet" side, you can't reach the router's builtin server. There is typically an option to enable this capability, but unless there's a very good reason, don't. Obviously, this varies by router and manufacturer.

    Also, the router may present only an HTTP configuration service to the LAN. HTTPS may need to be enabled, and HTTP disabled. Again, the options here are usually configurable.
     
  10. Cubytus thread starter macrumors 65816

    Joined:
    Mar 2, 2007
    #10
    This is a standard dd-wrt. I connect to it through SSH, but for some reason the https interface just let me down. Script returns "Connection refused".

    I tried to re-enable the HTTPS interface following these instructions, but they don't work. Although Internet access is fine, there's no interface showing up. Connection is only possible through SSH.
     
  11. kolax macrumors G3

    Joined:
    Mar 20, 2007
    #11
    What port is it expecting?
     
  12. Cubytus thread starter macrumors 65816

    Joined:
    Mar 2, 2007
    #12
    I manually set it at 8080, and tried to open the web interface both at 8080 and 443. None work.
     
