Vera (mios) affected by heartbleed

#1

When will fwdX.mios.com be updated to not be affected by heartbleed? Currently the fwdX.mios.com sites are insecure.

0 Likes

#2

We already started checking, patching and testing all servers since yesterday. If you think we missed one or one is still vulnerable send me a message with the server domain.

Thank you for the information!
Vlad

0 Likes

#3

Yep - fwd1, fwd2, fwd3.mios.com are all vulnerable (at least according to http://filippo.io/Heartbleed/#fwd1.mios.com)

0 Likes

#4

What action should we be taken until this is patched? Can we temporarily disable access from outside our home networks?

0 Likes

#5

I used the following to test, and all are showing not vulnerable to Heartbleed.

https://www.ssllabs.com/ssltest/analyze.html?d=fwd1.mios.com
https://www.ssllabs.com/ssltest/analyze.html?d=fwd2.mios.com
https://www.ssllabs.com/ssltest/analyze.html?d=fwd3.mios.com

0 Likes

#6

We’ve been patching our massive amount of website properties and one thing to to remember is that many of the Heartbleed testing sites cache the results for as long as 30 minutes, so if you patch a server you need to wait a certain amount of time to retest or simply use an alternate testing site.

-TC

0 Likes

#7

While you’ve patched the system, you need to recreate your private key, revoke the SSL certificate and regenerate it. All of your *.mios.com are affected until you get a new SSL certificate. Your wildcard certificate expires on July 6, 2014, so you haven’t done this. Changing our passwords before you do this is kind of pointless.

0 Likes

#8

+1 on this. Great that the first step of patching the server has been done, but the certs are still the old ones.

0 Likes

#9

Hello,

Heartbleed caches results. We have patched all our servers.

We are working on getting new certificates in place.

0 Likes

#10

Any idea when the new certs will be in place? I’m still getting the “Peer’s Certificate has been revoked.” when connecting remotely.

0 Likes

#11

x2 - and I’ve got contractors coming to the house this week…not a great week to not have webcam and door control.

0 Likes

#12

We are replacing certificates on all servers.

Vlad

0 Likes

#13

[quote=“mcv.vlad, post:12, topic:180635”]We are replacing certificates on all servers.

Vlad[/quote]

Any guess when this will be completed?

Don

0 Likes

#14

[quote=“mcv.vlad, post:12, topic:180635”]We are replacing certificates on all servers.

Vlad[/quote]
I get and understand but a wild timeline would be helpful…an hour, a day, a week?

0 Likes

#15

Yes… 12:45 Eastern Time and still is a problem…

0 Likes

#16

Working now for me! Thanks!

0 Likes

#17

I can no longer access my verde from outside my network. I recently updated to UI6 from UI5. If I am on my network I can access the website and iphone app but outside no dice, any ideas?

0 Likes

#18

Posting in the appropriate forum/thread/starting a new one.

Opening a ticket with support.

Those ideas come quickly to mind, hope that helps.

0 Likes

#19

Not much to go on here…

Log in via getvera.com
You must create a new user account for UI6 and you can use the name username but it will have a different password with a special character.
Try MMS Vera free. Other apps are now starting to provide support for UI6

0 Likes