Heartbleed

[chrlshlmn 36]

Is Eset impacted by the heartbleed bug?Thank you very much.

[Arakasi 549]

Hi ,

 

See these threads here : https://forum.eset.com/topic/2252-heartbleed-and-vulnerble-sites/?hl=heartbleed

 

https://forum.eset.com/topic/2290-bugs-in-heartbleed-detection-scripts/?hl=heartbleed

[SweX 871]

Hi Chris.

 

Short answer.....no it is not. Also see the threads by Arakasi for more information.

[chrlshlmn 36]

Thanks to Arakasi and SweX for your response and short answer.  

[xxJackxx 101]

In my browsing of various forums I have discovered that Kaspersky is in the process of releasing a patch that includes a fix that relates to heartbleed because their product makes use of a vulnerable version of the OpenSSL library libeay32.dll. After discovering this I found that Norton products also contain such components to connect to their own servers. Does/did ESET make use of any of these OpenSSL libraries? I'm sure the risk is small but this has been promoted as a server only problem (maybe an Android problem) but I am coming to find that many other products use that dll on Windows machines including Adobe products and some security suites as mentioned. I'm wondering what the potential scope of this problem actually is.

[geosoft 18]

As far as I know, ESET makes use of the certificate store within Windows to manage/detect SSL traffic, therefore wouldn't be affected to heartbleed.

[xxJackxx 101]

As far as I know, ESET makes use of the certificate store within Windows to manage/detect SSL traffic, therefore wouldn't be affected to heartbleed.

Sounds good. Is there a staff member that can verify this?

[SweX 871]

 

As far as I know, ESET makes use of the certificate store within Windows to manage/detect SSL traffic, therefore wouldn't be affected to heartbleed.

Sounds good. Is there a staff member that can verify this?

 

Bump.  

 

I'm sure there are more users that are wondering about this. 

Edited April 30, 2014 by SweX