4/10/2014

My Heartbleeds, but not for thee

Big no Op

The CVE turns out is specific to a release of openssl, which didn't come out until 2012

We run mostly RHEL5 which "froze" the upstream release of openssl included in this release
[ before ] the vulnerable openssl release in 2012.

An advantage sometimes in not riding the bleeding edge... wheee

RHEL5 is by no means abandoned, it still gets regular updates and patches to the "frozen" upstream code its based on from Red Hat. We just missed the party.

So ironically none of our Production services were affected.

Doesn't mean the calls didn't come in though,

[ Is the World Ending? ]

[ Are you gonna make me change my password? ]

Yes the world is ending for some, but not for us, not today.

[ Darn, I was hoping to Party like its 1999.. ]

Sorry..

"Move along, these aren't the Droids your looking for..."