Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1

    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    Heartbeat OpenSSL bug does not affect OSX.
    Sorry about that. Should have used both words in the title. Heartbeat is the the name of the condition at risk. Heartbleed is the name given to the problem.

    FYI

    If you run the command…

    openssl version

    you should get the prompt, OpenSSL 0.9.8y, which is unaffected. You can google up the complicated reason why it isn’t.

    However there is a caveat. It is possible that some program that was installed since the last OSX update might have replaced the default version with updated buggy code.

    The above command is how to make sure it hasn’t been replaced.
    Last edited by cptkrf; 04-08-2014 at 09:14 PM.

  2. #2

    rainbowcat's Avatar
    Member Since
    Nov 12, 2011
    Posts
    218
    Specs:
    MBA mid-2013 1.3GHz i5, 4GB 1600MHz DDR3, Intel HD Graphics 5000 1536MB; iPhone 6; iPad Air2, 64GB
    But Heartbleed (we are talking about the same thing, I think) can still steal your data from web sites that you visit, so you should change all passwords, right?

  3. #3

    cptkrf's Avatar
    Member Since
    Dec 08, 2009
    Location
    The same as Sheldon Cooper - East Texas
    Posts
    453
    Specs:
    iMac 2014 i5 5k 32gb 1tb fusion, second TB display, 2014 MBA
    Quote Originally Posted by rainbowcat View Post
    But Heartbleed (we are talking about the same thing, I think) can still steal your data from web sites that you visit, so you should change all passwords, right?
    It is hard to determine with all the BS that is coming in from trolling posters on every forum. But, so far I have distilled the following out of the noise.

    The bug affects sites with web and email servers. They have to be fixed before the problem goes away. But, to the question (about a zillion posters have asked it in the last day) of, "If I have a patched or non-affected OpenSSL installation that I connect with, am I at risk?"

    So far the answers are Yes, No and It Depends.

    Since it is a server problem, I don't expect Apple to rush out any fix. Actually, I don't expect any fix at all since the OSX version of OpenSSL doesn't have the problem. Now, to the question of, "if you have a buggy SSL, and go to a server that does not, are you at risk?" I don't think so. It appears that the exploit has to be from the server end.

    But to your question. I definitely will change my passwords on any important accounts, but only after I get word that their server is patched, or was found to never have had the problem, because, to change a password, you have to enter the old one. Why make it easy for someone to hack.

    Lots of sites are already posting the info about their server status.
    Last edited by cptkrf; 04-08-2014 at 09:32 PM.

  4. #4


    Member Since
    Jan 22, 2010
    Location
    Victoria, BC
    Posts
    20,911
    Specs:
    Mid-2012 MBP (16GB, 1TB HD), Monoprice 24-inch second monitor, iPhone 5s 32GB, iPad Air 2 64GB
    I think the advice is this article is more than a little overboard, but here's what Cult of Mac has to say:

    Heartbleed Security Bug: What Apple Users Need to Know | Cult of Mac

    Aside from dancing around like your hair's on fire, I have to point out that this exploit has been around since March with no reported problems. YES, I'd avoid logging into sites that aren't on the all-clear list for a while. But changing every password for every site? Uh, no.

    It's a serious problem, but any site worth its salt is downgrading (or replacing) its OpenSSL implementation as we speak, so I think this is another case of "could be dangerous, everybody FREAK THE F OUT" instead of "let's take sensible precautions in an orderly way."

    Less hysterical article on the topic: http://www.sitepronews.com/2014/04/0...part-internet/
    Last edited by chas_m; 04-09-2014 at 03:58 AM.

  5. #5

    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    Great Britain
    Posts
    537
    Specs:
    MBP17 8GB/1.9TB 2xSSDs Sierra • MBA11 4/128GB • TC 2TB • TV3 • iPh6 128GB • iPadPro12
    Quote Originally Posted by cptkrf View Post
    If you run the command…

    openssl version

    you should get the prompt, OpenSSL 0.9.8y, which is unaffected.
    I got OpenSSL 1.0.0a 1 Jun 2010

    Do I need to, or indeed can, do anything about it?
    Dvid

  6. #6

    bobtomay's Avatar
    Member Since
    Dec 22, 2006
    Location
    Texas, where else?
    Posts
    26,516
    Specs:
    15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
    Have a read here:

    Heartbleed Bug


    ...
    Attached Images Attached Images
    I cannot be held responsible for the things that come out of my mouth.
    In the Windows world, most everything folks don't understand is called a virus.

  7. #7

    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    Great Britain
    Posts
    537
    Specs:
    MBP17 8GB/1.9TB 2xSSDs Sierra • MBA11 4/128GB • TC 2TB • TV3 • iPh6 128GB • iPadPro12
    thanks bobtomay, appreciate your help.
    Dvid

  8. #8

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    I think it's important, as cptkrf has, to differentiate between OpenSSL on your machine and the version of OpenSSL installed on machines that you connect to. Does it affect the version that comes with OS X? No. Might it affect servers that you connect to? Absolutely and in this sense, it very much does affect OS X users (all users in fact).
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  9. #9

    MBP17•David's Avatar
    Member Since
    Feb 04, 2014
    Location
    Great Britain
    Posts
    537
    Specs:
    MBP17 8GB/1.9TB 2xSSDs Sierra • MBA11 4/128GB • TC 2TB • TV3 • iPh6 128GB • iPadPro12
    Quote Originally Posted by vansmith View Post
    I think it's important, as cptkrf has, to differentiate between OpenSSL on your machine and the version of OpenSSL installed on machines that you connect to. Does it affect the version that comes with OS X? No. Might it affect servers that you connect to? Absolutely and in this sense, it very much does affect OS X users (all users in fact).
    Yup, staying away from quite a few of my regular sites / forums, until they fix the problem:

    Dvid

  10. #10

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    Quote Originally Posted by chas_m View Post
    It's a serious problem, but any site worth its salt is downgrading (or replacing) its OpenSSL implementation as we speak, so I think this is another case of "could be dangerous, everybody FREAK THE F OUT" instead of "let's take sensible precautions in an orderly way."
    True but there is a disjoint between web developers and web host unless the developers host their own content. As you might know, the installs for software are not controlled by the web developers - they are subject to the whims of the web host. While I'm sure the hosts are trying to keep up to date, if they don't, a whole collection of websites will be "out of date."
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  11. #11


    Member Since
    Mar 31, 2011
    Posts
    59
    I checked my MBP as instructed here, and got OpenSSL 0.9.8y.

    But I need to log into Apple iTunes, so I checked apple.com, and got this:



    Chas_m wrote, "I'd avoid logging into sites that aren't on the all-clear list for a while". I take that to apply to Apple, yes?

    Thanks.

  12. #12

    vansmith's Avatar
    Member Since
    Oct 19, 2008
    Location
    Toronto
    Posts
    19,782
    Specs:
    2012 13" MBP (2.5 i5, 8GB)
    There's more info in the FAQ that explains the error.
    Important Links: Community Guidelines : Use the reputation system if you've been helped.
    M-F Blog :: Write for the blog
    Writing a Quality Post

  13. #13

    MYmacROX's Avatar
    Member Since
    Mar 17, 2009
    Posts
    3,625
    Specs:
    2008 15" MBP Yosemite, 2012 21.5" iMac Yosemite
    Engadget is reporting that some routers are vulnerable too. I have a D-Link router (and I know some on here do as well) so I went to their forums and found this link with a list of all affected routers. LINK
    64GB iPhone 6, 64GB iPad Air 2.

    Reminder: Please include your Mac's specs. This will make it much easier for the other members to assist you.

  14. #14

    TattooedMac's Avatar
    Member Since
    May 19, 2009
    Location
    Waiting for a mate . . .
    Posts
    8,437
    Specs:
    21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
    So what has iNet done about it and the security of Mac-Forums ??
    Dont forget to use the Reputation System if someone has helped you out !!!
    Arguing with a zealot is only slightly easier than tunneling through a mountain with your forehead!!!!!
    MoTM ☆☆☆

  15. #15


    Member Since
    Apr 12, 2008
    Posts
    455
    What I find odd about the advice being given out by the press, is that they say, for example, not to use online banking until the bank's web site has verified that they are not affected by Heartbleed, or they have rectified their web site. Not sure about anyone else, but my bank has issued me with a code generator. This is part of the log-in process, and the code is different for each log-in. So if someone got the rest of your log-in details, how would they circumvent the one-off code?
    Am I missing something here?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ShellShock bug in OSX and 'nix
    By cptkrf in forum Security Awareness
    Replies: 51
    Last Post: 10-04-2014, 10:49 PM
  2. Strange OSX Lion bug???
    By jim123321 in forum OS X - Operating System
    Replies: 1
    Last Post: 11-19-2011, 05:27 PM
  3. Heartbeat..
    By SleeperSS in forum Apple Desktops
    Replies: 11
    Last Post: 05-04-2010, 08:07 PM
  4. Display bug on OSX
    By dougy in forum OS X - Operating System
    Replies: 6
    Last Post: 10-16-2009, 10:38 PM
  5. Mac OSX Bug
    By Liam in forum Schweb's Lounge
    Replies: 11
    Last Post: 11-28-2006, 04:44 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •