Author Topic: Vera (mios) affected by heartbleed  (Read 4840 times)

Offline reality416

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Vera (mios) affected by heartbleed
« on: April 08, 2014, 10:02:36 pm »
When will fwdX.mios.com be updated to not be affected by heartbleed?  Currently the fwdX.mios.com sites are insecure.

Offline mcv.vlad

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +5/-0
Re: Vera (mios) affected by heartbleed
« Reply #1 on: April 09, 2014, 01:42:19 am »
We already started checking, patching and testing all servers since yesterday. If you think we missed one or one is still vulnerable send me a message with the server domain.

Thank you for the information!
Vlad
« Last Edit: April 09, 2014, 01:44:04 am by mcv.vlad »

Offline reality416

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Re: Vera (mios) affected by heartbleed
« Reply #2 on: April 09, 2014, 09:13:06 am »
Yep - fwd1, fwd2, fwd3.mios.com are all vulnerable (at least according to http://filippo.io/Heartbleed/#fwd1.mios.com)

Offline simdude

  • Jr. Member
  • **
  • Posts: 74
  • Karma: +0/-0
Re: Vera (mios) affected by heartbleed
« Reply #3 on: April 09, 2014, 09:15:55 am »
What action should we be taken until this is patched? Can we temporarily disable access from outside our home networks?

Offline jtmoore

  • Full Member
  • ***
  • Posts: 171
  • Karma: +2/-1
jtmoore

Offline TC1

  • Hero Member
  • *****
  • Posts: 1088
  • Karma: +90/-88
Re: Vera (mios) affected by heartbleed
« Reply #5 on: April 09, 2014, 01:34:31 pm »
We've been patching our massive amount of website properties and one thing to to remember is that many of the Heartbleed testing sites cache the results for as long as 30 minutes, so if you patch a server you need to wait a certain amount of time to retest or simply use an alternate testing site.

-TC

Offline sgruby

  • Jr. Member
  • **
  • Posts: 62
  • Karma: +3/-1
Re: Vera (mios) affected by heartbleed
« Reply #6 on: April 09, 2014, 02:42:34 pm »
While you've patched the system, you need to recreate your private key, revoke the SSL certificate and regenerate it. All of your *.mios.com are affected until you get a new SSL certificate. Your wildcard certificate expires on July 6, 2014, so you haven't done this. Changing our passwords before you do this is kind of pointless.

Offline reality416

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
Re: Vera (mios) affected by heartbleed
« Reply #7 on: April 09, 2014, 03:11:58 pm »
While you've patched the system, you need to recreate your private key, revoke the SSL certificate and regenerate it. All of your *.mios.com are affected until you get a new SSL certificate. Your wildcard certificate expires on July 6, 2014, so you haven't done this. Changing our passwords before you do this is kind of pointless.

+1 on this.  Great that the first step of patching the server has been done, but the certs are still the old ones.

Offline Alecs

  • DevOp
  • Administrator
  • Newbie
  • *****
  • Posts: 9
  • Karma: +0/-0
Re: Vera (mios) affected by heartbleed
« Reply #8 on: April 10, 2014, 05:53:12 am »
Hello,

Heartbleed caches results. We have patched all our servers.

We are working on getting new certificates in place.

Offline mbairhead

  • Hero Member
  • *****
  • Posts: 516
  • Karma: +5/-2
Re: Vera (mios) affected by heartbleed
« Reply #9 on: April 14, 2014, 08:47:35 am »
Any idea when the new certs will be in place? I'm still getting the "Peer's Certificate has been revoked." when connecting remotely.

Offline Floor61

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
Re: Vera (mios) affected by heartbleed
« Reply #10 on: April 14, 2014, 09:23:40 am »
Any idea when the new certs will be in place? I'm still getting the "Peer's Certificate has been revoked." when connecting remotely.

x2 - and I've got contractors coming to the house this week...not a great week to not have webcam and door control.

Offline mcv.vlad

  • Jr. Member
  • **
  • Posts: 68
  • Karma: +5/-0
Re: Vera (mios) affected by heartbleed
« Reply #11 on: April 14, 2014, 10:55:19 am »
We are replacing certificates on all servers.

Vlad

Offline Don Diego

  • Hero Member
  • *****
  • Posts: 534
  • Karma: +300/-3
Re: Vera (mios) affected by heartbleed
« Reply #12 on: April 14, 2014, 12:34:58 pm »
We are replacing certificates on all servers.

Vlad

Any guess when this will be completed?

   Don
Vera 3 (@1.5.622) (3); Vera Plus (2);
Trane/Schlage TStats (1); Schlage Deadbolt (2); Kwikset Lock (3);  GE 45602 Dimmer (14); GE 45603 Dimmer (17); HSM-100 (16); Everspring Siren (8), Everspring Temp/Humidity (4); HSM 200 (1)

Offline mbairhead

  • Hero Member
  • *****
  • Posts: 516
  • Karma: +5/-2
Re: Vera (mios) affected by heartbleed
« Reply #13 on: April 14, 2014, 12:38:11 pm »
We are replacing certificates on all servers.

Vlad
I get and understand but a wild timeline would be helpful...an hour, a day, a week?

Offline Les F

  • Hero Member
  • *****
  • Posts: 566
  • Karma: +7/-0
Re: Vera (mios) affected by heartbleed
« Reply #14 on: April 14, 2014, 12:46:15 pm »

Yes.. 12:45 Eastern Time and still is a problem.....

Google+ http://bit.ly/2MAVlkR / Instagram: http://bit.ly/2lIcsFT / Pinterest http://bit.ly/2KCSYRm (Yes, Pinterest is for guys too! take a look)