Reply to post:

Cloud sellers who acted on Heartbleed sink when it comes to DROWN

Charlie Clark Silver badge

The German BSI (Federal Office of IT Security) has been contacting the various ISPs / data centres after scanning them and providing lists of probably vulnerable. Intern the ISPs are contacting the relevant server owners. Would be nice to see more of this, even if the initial e-mail suggested that there might have been a security breach and that the server would be shutdown if no action was taken.

I did have to fix one system but was able to track down the relevant instructions pretty easily. It's an older Debian system and gave me another reason to curse "packaged systems". Compiling and installing a new version of openssl was no problem. But, of course, you have to deal with non-standard paths and then configure the relevant services (e-mail, mainly). The server is due for an upgrade to something newer but there are no convenient tools for migrating things like e-mail addresses. :-/

Good place to start if you need to check.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020