Update: HP has issued a notice to customers alerting them that scanning some versions of HP iLO (Integrated Lights-Out) will result in a DoS (Denial of Service) condition requiring physical power to be removed from the system in order to resolve it. It is a good idea to always run a scan against a limited test environment before unleashing a mass scan on your entire live network.
In the wake of the Heartbleed vulnerability revelation, many security vendors raced to provide tools to help businesses and individuals test for the flaw on their own systems. Unfortunately, many of those tools used flawed logic, or delivered inaccurate results—either causing undue alarm, or providing an unwarranted sense of security. CrowdStrike has developed a new free Heartbleed Scanner tool that delivers more comprehensive information to help you understand which systems or applications are at risk.
Netskope has been tracking the status of popular enterprise cloud apps, and the most recent weekly update claims that 35 of them have yet to patch for Heartbleed. The problem with Heartbleed is that OpenSSL is so widely used that it’s a challenge to even determine just how many servers, applications, devices, or other technologies are vulnerable.
In a blog post announcing the new CrowdStrike Heartbleed Scanner, CrowdStrike co-founder and CTO Dmitri Alperovitch explains that most of the tools that have been released may be fine for determining if your public website is vulnerable, but there was a need for a tool that can scan internal networks, and other non-HTTPS services for indications of the Heartbleed vulnerability. CrowdStrike developed a tool to fill that void.
Most security experts agree that Heartbleed is a very serious issue. In fact, many have told me that this is possibly the most critical vulnerability they’ve encountered in the last five or ten years, or possibly even in their entire career. Some of the hype and hysteria around Heartbleed has been misleading, but the stark, simple reality is that it’s a big deal, and organizations need to be able to identify vulnerable devices and technologies so they can take steps to patch or remediate.
The CrowdStrike Heartbleed Scanner can scan intranet SSL websites, OpenSSL VPNs, secure FTP servers, databases, secure SMTP/POP/IMAP email servers, routers—even printers and smartphones. The CrowdStrike tool doesn’t just show a list of vulnerable servers or devices. It also outputs the contents of the 64kb of memory that are returned by exploiting Heartbleed so you can see what impact the flaw could have on your network and services.
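The memory disclosure described above comes from a heartbeat request whose declared payload length exceeds what the record actually carries. As an added, defender-side example (not CrowdStrike's tool, and not code from the original article), the following parser flags such malformed heartbeat requests in a captured TLS byte stream, which is how a network sensor can spot a Heartbleed scan, including a scanner sweeping devices like the iLO controllers mentioned in the update. The sample bytes are constructed inline, not real traffic.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for the Heartbeat extension (RFC 6520)
HB_REQUEST = 1       # heartbeat_request message type
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding after the payload


def tls_records(data):
    """Split a captured byte stream into (content_type, version, body) TLS records.

    Stops quietly at a truncated trailing record instead of raising."""
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break
        yield ctype, version, body
        off += 5 + length


def heartbeat_findings(data):
    """Return one finding per heartbeat request; 'malformed' flags a Heartbleed-style probe.

    A well-formed request carries payload_length bytes of payload plus at least 16 bytes
    of padding, so the record body must be at least 3 + payload_length + 16 bytes long.
    A declared payload_length larger than the bytes actually carried is exactly the
    condition an unpatched OpenSSL failed to check before copying memory into its reply."""
    findings = []
    for ctype, version, body in tls_records(data):
        if ctype != TLS_HEARTBEAT:
            continue
        if len(body) < 3:  # not even a full heartbeat header
            findings.append({"version": version, "claimed": None, "carried": 0, "malformed": True})
            continue
        hb_type, claimed = struct.unpack("!BH", body[:3])
        if hb_type != HB_REQUEST:
            continue
        carried = max(len(body) - 3 - MIN_PADDING, 0)
        findings.append({"version": version, "claimed": claimed, "carried": carried,
                         "malformed": claimed > carried})
    return findings


# Constructed sample capture: a benign 4-byte heartbeat request, then a classic probe
# that declares a 65535-byte payload but sends only the 3-byte heartbeat header.
BENIGN = (bytes([TLS_HEARTBEAT, 0x03, 0x01]) + struct.pack("!H", 3 + 4 + 16)
          + bytes([HB_REQUEST]) + struct.pack("!H", 4) + b"ping" + b"\x00" * MIN_PADDING)
PROBE = bytes([TLS_HEARTBEAT, 0x03, 0x02]) + struct.pack("!H", 3) + bytes([HB_REQUEST]) + struct.pack("!H", 0xFFFF)
SAMPLE = BENIGN + PROBE

if __name__ == "__main__":
    for finding in heartbeat_findings(SAMPLE):
        print(finding)
```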
You can download the CrowdStrike Heartbleed Scanner for free here.