Hi,
I've seen a bunch of scans for this exploit across my hosts, and
have already heard of some hosts compromised by it:
http://seclists.org/fulldisclosure/2014/Apr/240
So if you run Nagios NRPE, please make sure to:
- Firewall it off appropriately
- Use its config options for restricting who can talk to it
- Disable client specification of command arguments if possible
- Upgrade to a fixed version
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
If you've been reading tech news in the last 24 hours then you're
probably aware of "heartbleed", but if not then you will want to
have a read of:
http://heartbleed.com/
and take appropriate action.
If you trust this site you can use it to check if your HTTPS server
is vulnerable or not:
http://filippo.io/Heartbleed/
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
