Jump to content

gregorio2

Members
  • Content Count

    9
  • Joined

  • Last visited

Profile Information

  • Location
    USA

Recent Profile Visitors

453 profile views
  1. Thanks Marcos, I thought I had done a proper search of the ESET_config.xml that I got from choosing export from bottom of initial Setup page, Went back and searched again and yeah, there it was, I will cut and paste from that file to one I have saved for laptop and import. Desktop is setup for aggressive scans because it is fast, but laptop set to defaults because it is slow single core. Again thanks, Marcos
  2. Wanted to export Banking and Payment Protection, BBP, Protected websites list to another computer and also for backup. I opened regular settings export which is in .xml and did not see it there. My list is long because I manually added all sites I regularly make bank payments to, not just banks, but utilities, insurance, credit agencies, anyone with auto-pay on my bank accounts. Best I could figure would be to individually copy each line because page copy does not work except for Print Screen. Anyone know if there is .dat or .xml file hidden somewhere? Looked through AppData,
  3. Haole Boy seemed to indicate in 2nd post that ESET Moderator's suggestion worked, since he thanked him twice. But, I had no such luck! Did anyone else have luck? Per ESET Moderators suggestion: "If you use LastPass, just enable pre-release updates to get the latest BPP module which supports it." I went to advanced setup/Update/Basic/Update type/ and set as Pre-release update and saved. Went to Update and clicked Update now. After update, I checked Product update and it is at latest, 9.0.375.0 . Opened ESET Banking & Payment protection which opened Chrome Version 50.0.2661.75 m (
  4. Arakasi, The four tools listed on Hut3's blog as good or fixed are: https://www.ssllabs.com/ssltest/index.html hxxp://possible.lv/tools/hb/ hxxp://nmap.org/nsedoc/scripts/ssl-heartbleed.html hxxp://heartbleed.criticalwatch.com/ edited I will not list all that failed to detect, go to blog, but total listed as tested was 15 with 4 good or fixed. edited The 3 most used were tested, The four tools listed on Hut3's blog as good or fixed are: https://www.ssllabs....test/index.html hxxp://possible.lv/tools/hb/ hxxp://nmap.org/nsed...heartble
  5. Over at possible.lv they had note to sys admins I had not heard before: "Patch your OpenSSL and statically linked binaries; Change your certificates, if you've been affected." That part about binaries not heard before. Also possible.lv updated at CNS Hut3 blog as fixed tool. hxxp://possible.lv/tools/hb/
  6. On blog over at CNS Hut3 they have posted results of tests on Heartbleed detection tools and have developed their own and provide gist of how they developed it. They also pointed out that 95% of current tests are providing false feel good results and false vulnerables: hxxp://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts- The date on blog is Apr 14, 2014, so some of those detection tools may have fixed their respective tools if they paid notice of CNS Hut3's work. A few updates to blog show some have done just that. A review of that work and
  7. Arakasi posted link to another test at hxxp://filippo.io/Heartbleed/ . Results: / All good, forum.eset.com Fixed or seems unaffected! / End results. The results are similar to the no detail, feel good results McAfee gave. That is why I posted the results from LastPass that showed Apache server which usually uses OpenSSL. Marcos posted link to ESET blog that at bottom had this quote: "Web services are not used ESET affected versions of OpenSSL, customers therefore do not change passwords." That quote is neither clear or referencing forums.eset.com. I assume Marcos you were pointin
  8. Marcos, do you speak for the person maintaining that server? A shorter answer then the short long story would be the version of SSL that is used. Edit: I finally read to bottom of link Marcos provided. See reply below.
  9. The Heartbleed OpenSSL bug has definitely brought out the paranoid side to any web activity. It behooves all who run HTTPS sites to first check their site maintenance and if at any time since Dec 2011, OpenSSL Versions 1.0.1a through 1.0.1f were used, then 1.0.1g should be applied and certificates re-keyed or revoked and new ones issued. If OpenSSL was replaced certificates still must be re-keyed or revoked and new ones issued. I would like all HTTPS sites to make it publicly clear that they have checked and addressed this to take some of my paranoia away. Even if they did not use Open
×
×
  • Create New...