#10260157, By sharpkiddie EG and Heartbleed?

  • sharpkiddie Staff 10 Apr 2014 13:38:03 473 posts
    Seen 1 day ago
    Registered 16 years ago

    EG frontend servers don't respond to https:// connections, so there isn't really anything to exploit there. The few management systems we run over SSL are on openssl-0.9.8, which is a branch unaffected by heartbleed.

    Our image servers also respond to SSL requests, but again are on 0.9.8 (and don't have anything sensitive on them anyway). Services such as DBs and so forth are all isolated from the internet and so would not be reachable regardless.

    We think we're fine, but if you are using your EG password elsewhere, I would recommend changing it because we cannot comment on the security of other systems.

    But... if we do find anything of concern, we'll let you all know straight away.
Log in or register to reply