Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    Heartbeat OpenSSL bug does not affect OSX.
    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    Heartbeat OpenSSL bug does not affect OSX.
    Sorry about that. Should have used both words in the title. Heartbeat is the the name of the condition at risk. Heartbleed is the name given to the problem.

    FYI

    If you run the command…

    openssl version

    you should get the prompt, OpenSSL 0.9.8y, which is unaffected. You can google up the complicated reason why it isn’t.

    However there is a caveat. It is possible that some program that was installed since the last OSX update might have replaced the default version with updated buggy code.

    The above command is how to make sure it hasn’t been replaced.
    Last edited by cptkrf; 04-08-2014 at 09:14 PM.

  2. #2
    Heartbeat OpenSSL bug does not affect OSX.
    rainbowcat's Avatar
    Member Since
    Nov 12, 2011
    Posts
    153
    Specs:
    MBA mid-2013 1.3GHz i5, 4GB 1600MHz DDR3, Intel HD Graphics 5000 1536MB; iPhone 4S
    But Heartbleed (we are talking about the same thing, I think) can still steal your data from web sites that you visit, so you should change all passwords, right?

  3. #3
    Heartbeat OpenSSL bug does not affect OSX.
    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    Quote Originally Posted by rainbowcat View Post
    But Heartbleed (we are talking about the same thing, I think) can still steal your data from web sites that you visit, so you should change all passwords, right?
    It is hard to determine with all the BS that is coming in from trolling posters on every forum. But, so far I have distilled the following out of the noise.

    The bug affects sites with web and email servers. They have to be fixed before the problem goes away. But, to the question (about a zillion posters have asked it in the last day) of, "If I have a patched or non-affected OpenSSL installation that I connect with, am I at risk?"

    So far the answers are Yes, No and It Depends.

    Since it is a server problem, I don't expect Apple to rush out any fix. Actually, I don't expect any fix at all since the OSX version of OpenSSL doesn't have the problem. Now, to the question of, "if you have a buggy SSL, and go to a server that does not, are you at risk?" I don't think so. It appears that the exploit has to be from the server end.

    But to your question. I definitely will change my passwords on any important accounts, but only after I get word that their server is patched, or was found to never have had the problem, because, to change a password, you have to enter the old one. Why make it easy for someone to hack.

    Lots of sites are already posting the info about their server status.
    Last edited by cptkrf; 04-08-2014 at 09:32 PM.

  4. #4
    Heartbeat OpenSSL bug does not affect OSX.
    chas_m's Avatar
    Member Since
    Jan 22, 2010
    Location
    Victoria, BC
    Posts
    18,933
    Specs:
    Mid-2012 MBP (16GB, 1TB HD), Monoprice 24-inch second monitor, iPhone 5s 32GB, iPad Air 2 64GB
    I think the advice is this article is more than a little overboard, but here's what Cult of Mac has to say:

    Heartbleed Security Bug: What Apple Users Need to Know | Cult of Mac

    Aside from dancing around like your hair's on fire, I have to point out that this exploit has been around since March with no reported problems. YES, I'd avoid logging into sites that aren't on the all-clear list for a while. But changing every password for every site? Uh, no.

    It's a serious problem, but any site worth its salt is downgrading (or replacing) its OpenSSL implementation as we speak, so I think this is another case of "could be dangerous, everybody FREAK THE F OUT" instead of "let's take sensible precautions in an orderly way."

    Less hysterical article on the topic: http://www.sitepronews.com/2014/04/0...part-internet/
    Last edited by chas_m; 04-09-2014 at 03:58 AM.

  5. #5
    Heartbeat OpenSSL bug does not affect OSX.
    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    England
    Posts
    517
    Specs:
    MBP17 8GB 2x960GB SSDs 10.9 • MBA11 4/128GB 10.9 • TC 2TB • TV3 • iPh6 128GB • iPh6+ 128GB
    Quote Originally Posted by cptkrf View Post
    If you run the command…

    openssl version

    you should get the prompt, OpenSSL 0.9.8y, which is unaffected.
    I got OpenSSL 1.0.0a 1 Jun 2010

    Do I need to, or indeed can, do anything about it?
    Dvid

  6. #6
    Heartbeat OpenSSL bug does not affect OSX.
    bobtomay's Avatar
    Member Since
    Dec 22, 2006
    Location
    Texas, where else?
    Posts
    26,206
    Specs:
    15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '11 1.8 i7 4GB 10.10; 21" iMac '13 2.9 i5 8GB 10.10; 5s & 5c
    Have a read here:

    Heartbleed Bug


    ...
    Attached Images Attached Images
    I cannot be held responsible for the things that come out of my mouth.
    In the Windows world, most everything folks don't understand is called a virus.

  7. #7
    Heartbeat OpenSSL bug does not affect OSX.
    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    England
    Posts
    517
    Specs:
    MBP17 8GB 2x960GB SSDs 10.9 • MBA11 4/128GB 10.9 • TC 2TB • TV3 • iPh6 128GB • iPh6+ 128GB
    thanks bobtomay, appreciate your help.
    Dvid

  8. #8
    Heartbeat OpenSSL bug does not affect OSX.
    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,395
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    I think it's important, as cptkrf has, to differentiate between OpenSSL on your machine and the version of OpenSSL installed on machines that you connect to. Does it affect the version that comes with OS X? No. Might it affect servers that you connect to? Absolutely and in this sense, it very much does affect OS X users (all users in fact).
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  9. #9
    Heartbeat OpenSSL bug does not affect OSX.
    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    England
    Posts
    517
    Specs:
    MBP17 8GB 2x960GB SSDs 10.9 • MBA11 4/128GB 10.9 • TC 2TB • TV3 • iPh6 128GB • iPh6+ 128GB
    Quote Originally Posted by vansmith View Post
    I think it's important, as cptkrf has, to differentiate between OpenSSL on your machine and the version of OpenSSL installed on machines that you connect to. Does it affect the version that comes with OS X? No. Might it affect servers that you connect to? Absolutely and in this sense, it very much does affect OS X users (all users in fact).
    Yup, staying away from quite a few of my regular sites / forums, until they fix the problem:

    Dvid

  10. #10
    Heartbeat OpenSSL bug does not affect OSX.
    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,395
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    Quote Originally Posted by chas_m View Post
    It's a serious problem, but any site worth its salt is downgrading (or replacing) its OpenSSL implementation as we speak, so I think this is another case of "could be dangerous, everybody FREAK THE F OUT" instead of "let's take sensible precautions in an orderly way."
    True but there is a disjoint between web developers and web host unless the developers host their own content. As you might know, the installs for software are not controlled by the web developers - they are subject to the whims of the web host. While I'm sure the hosts are trying to keep up to date, if they don't, a whole collection of websites will be "out of date."
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  11. #11
    Heartbeat OpenSSL bug does not affect OSX.

    Member Since
    Mar 31, 2011
    Posts
    53
    I checked my MBP as instructed here, and got OpenSSL 0.9.8y.

    But I need to log into Apple iTunes, so I checked apple.com, and got this:



    Chas_m wrote, "I'd avoid logging into sites that aren't on the all-clear list for a while". I take that to apply to Apple, yes?

    Thanks.

  12. #12
    Heartbeat OpenSSL bug does not affect OSX.
    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,395
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    There's more info in the FAQ that explains the error.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  13. #13
    Heartbeat OpenSSL bug does not affect OSX.
    MYmacROX's Avatar
    Member Since
    Mar 17, 2009
    Posts
    3,626
    Specs:
    2008 15" MBP Yosemite, 2012 21.5" iMac Yosemite
    Engadget is reporting that some routers are vulnerable too. I have a D-Link router (and I know some on here do as well) so I went to their forums and found this link with a list of all affected routers. LINK
    64GB iPhone 6, 64GB iPad Air 2.

    Reminder: Please include your Mac's specs. This will make it much easier for the other members to assist you.

  14. #14
    Heartbeat OpenSSL bug does not affect OSX.
    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,379
    Specs:
    21" iMac 2.9Ghz 16GB RAM & 13"MBP 2.9Ghz i7 8GB RAM 10.10.3, iPhone5 & iPad Air 2 iOS 8.3, ATV3
    So what has iNet done about it and the security of Mac-Forums ??
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  15. #15
    Heartbeat OpenSSL bug does not affect OSX.

    Member Since
    Apr 12, 2008
    Posts
    403
    What I find odd about the advice being given out by the press, is that they say, for example, not to use online banking until the bank's web site has verified that they are not affected by Heartbleed, or they have rectified their web site. Not sure about anyone else, but my bank has issued me with a code generator. This is part of the log-in process, and the code is different for each log-in. So if someone got the rest of your log-in details, how would they circumvent the one-off code?
    Am I missing something here?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ShellShock bug in OSX and 'nix
    By cptkrf in forum Security Awareness
    Replies: 51
    Last Post: 10-04-2014, 10:49 PM
  2. Strange OSX Lion bug???
    By jim123321 in forum OS X - Operating System
    Replies: 1
    Last Post: 11-19-2011, 05:27 PM
  3. Heartbeat..
    By SleeperSS in forum Apple Desktops
    Replies: 11
    Last Post: 05-04-2010, 08:07 PM
  4. Display bug on OSX
    By dougy in forum OS X - Operating System
    Replies: 6
    Last Post: 10-16-2009, 10:38 PM
  5. Mac OSX Bug
    By Liam in forum Schweb's Lounge
    Replies: 11
    Last Post: 11-28-2006, 04:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •