Monday, May 12, 2014

Easy way to confirm that Centos is patched against Heartbleed

This post should have been posted earlier, but here it is anyway... If you run a Centos box you'll notice that packages are not updated as regular as other distros like Ubuntu. However since the Heartbleed vulnerability is pretty sick, the developers at Centos issued a patch. A simple yum update openssl should fix it. To confirm:
╭─james@darktech  ~ 
╰─$ for i in `seq 1 4`; do ssh root@tech-qa0$i "rpm -q --changelog openssl | grep CVE-2014-0160"; done                       255 ↵

- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

The Internet of Things

Today I stumbled across a concept which although not new to me, never realized it was called like that  - The Internet of Things.
In a seminal 2009 article for the RFID Journal, "That 'Internet of Things' Thing", Ashton made the following assessment:
Today computers—and, therefore, the Internet—are almost wholly dependent on human beings for information. Nearly all of the roughly 50 petabytes (a petabyte is 1,024 terabytes) of data available on the Internet were first captured and created by human beings—by typing, pressing a record button, taking a digital picture, or scanning a bar code. Conventional diagrams of the Internet ... leave out the most numerous and important routers of all - people. The problem is, people have limited time, attention and accuracy—all of which means they are not very good at capturing data about things in the real world. And that's a big deal. We're physical, and so is our environment ... You can't eat bits, burn them to stay warm or put them in your gas tank. Ideas and information are important, but things matter much more. Yet today's information technology is so dependent on data originated by people that our computers know more about ideas than things. If we had computers that knew everything there was to know about things—using data they gathered without any help from us—we would be able to track and count everything, and greatly reduce waste, loss and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so.[21]
—Kevin Ashton, 'That 'Internet of Things' Thing', RFID Journal, July 22, 2009