Update 4-11-2014:
Inside job? https://www.eff.org/deeplinks/2014/04/wild-heart-were-intelligence-agencies-using-heartbleed-november-2013
Current issues, 1 word:
Pants!
Patch yourself people. This is bad!
If you can't patch, just down for now and ip block for what you can't down!
Think of the following:
pFsense (not 1.2.3, but 2.1 versions)!
Any ssl enabled Apache site compiled against Openssl libs.
Any mail server running IMAP or POP3 over SSL.
Any SSL based VPN.
There is exploit code out there.
To check your versions of procs:
Follow up by checking the date and time of the lib (and version if you can).
You are shooting for libcrypto 1.0.1g and a date of 4/7/14 (Monday) for Ubuntu stuff.
cat /proc/*/maps | grep -i libcrypto
Pyopenssl does "detect" this attack. You should see:
[08/Apr/2014:21:36:12] ENGINE AttributeError("'module' object has no attribute 'socket_errors_to_ignore'",)
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1292, in communicate
req.parse_request()
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 580, in parse_request
success = self.read_request_line()
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 611, in read_request_line
request_line = self.rfile.readline()
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 274, in readline
data = self.rfile.readline(256)
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1114, in readline
data = self.recv(self._rbufsize)
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/ssl_pyopenssl.py", line 103, in recv
data = self._safe_call(True, r, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/cherrypy/wsgiserver/ssl_pyopenssl.py", line 75, in _safe_call
if is_reader and errnum in wsgiserver.socket_errors_to_ignore:
AttributeError: 'module' object has no attribute 'socket_errors_to_ignore'