AnsweredAssumed Answered

Heartbleed 2

Question asked by John Zimmerman on Apr 14, 2014
Latest reply on Apr 14, 2014 by wkandek

According to today's issue of the CNET newsletter, the patch developed by Akmai for the Heartbleed bug did NOT provide protection from that bug. http://www.cnet.com/news/akamai-heartbleed-patch-not-a-fix-after-all/ I just spent a couple of days working through an extensive list of web logons and passwords, testing each one at the Qualys SSL Labs site https://www.ssllabs.com/ssltest/index.html, then changing the passwords for those that passed. How can I know whether I am now protected? Were the Qualys SSL tests sufficient, or did they only test based on the faulty "fix" from Akmai? Will there be another patch forthcoming, and if so, does that mean I need to re-test all those URLs and change the passwords again?

Outcomes