Heartbleed: A Scrambled Egg with Lots of Ham

The sensational headline news this week was the “Heartbleed” security flaw (CVE-2014-0160), which was covered by most mainstream and tech sites. It was an old bug, accidentally introduced and only recently discovered¹. The report got IT professionals scrambling to fix their systems.

At first glance, the bug is benign enough, with the chances of stealing passwords or SSL keys rather slim. However, like any other security flaw, if someone is determined (and clever) enough to exploit this bug, they may just get a bunch of useful data. Whether they could use the leaked data to steal client information, or to set up a phishing site, is unclear. Just the thought of the potential leak scares the daylights out of everyone! It’s also proof that the marketing behind this bug was very effective.

Regardless, the actions that need to be taken are as follows:

  1. Check with the Qualys SSL Analyzer to determine if your site is vulnerable.
  2. If vulnerable, upgrade OpenSSL to version 1.0.1g, or alternatively recompile OpenSSL without the “heartbeat” option (-DOPENSSL_NO_HEARTBEATS).
  3. Recompile or restart the web server to reload the latest OpenSSL libraries.
  4. Test the site(s) with the Qualys SSL Analyzer again. Also check that the site is still functional.
  5. With the new OpenSSL, generate a new SSL key and re-key the certificate. Install the new key/certificate in the web server(s).
  6. Urge the users to change their passwords – which they occasionally have to do, anyway. This step is tricky considering the PR scare it’s going to generate when admitting the site was vulnerable. However, the notification is the responsible thing to do.
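The shell helpers below are an added example (not part of the original post) covering steps 1, 2, 3 and 5 of the list above from the server side: a version-string check against the affected OpenSSL releases, a check of whether a server still advertises the TLS heartbeat extension after a rebuild with -DOPENSSL_NO_HEARTBEATS, a scan for processes that still map a since-replaced libssl and so still need a restart, and the re-keying commands. It assumes the affected releases are OpenSSL 1.0.1 through 1.0.1f (plus the 1.0.2-beta1 pre-release), a Linux-style /proc layout for the stale-library scan, and placeholder key/CSR paths and host names.

```shell
#!/bin/sh
# Added example, not the post's own procedure. Assumptions: affected OpenSSL
# releases are 1.0.1 .. 1.0.1f and 1.0.2-beta1 (1.0.1g is fixed); the
# stale-library scan relies on a Linux /proc layout; paths are placeholders.

# Step 1 (local variant): exit 0 when an "openssl version" string names an
# affected release, e.g. "OpenSSL 1.0.1f 6 Jan 2014" or "OpenSSL 1.0.1e-fips".
heartbleed_affected_version() {
    ver=$(printf '%s\n' "$1" | awk '{ print $2 }')
    case "$ver" in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 2 check: does a live server still advertise the heartbeat extension?
# Exit 0 if it does. Advertising it is not proof of vulnerability (1.0.1g
# still supports heartbeats); its absence confirms the NO_HEARTBEATS rebuild.
server_advertises_heartbeat() {   # args: host port
    printf '' | openssl s_client -connect "$1:$2" -tlsextdebug 2>/dev/null |
        grep -qi 'heartbeat'
}

# Step 3 check: processes still mapping a libssl that was replaced on disk
# (the mapping shows "(deleted)"), i.e. services that have not been restarted.
processes_with_stale_libssl() {
    for maps in /proc/[0-9]*/maps; do
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline")"
        fi
    done
}

# Step 5: new private key and CSR for the re-keyed certificate.
# Key file is created mode 0600 via the subshell umask.
rekey_site() {   # args: key-path csr-path common-name (all placeholders)
    (
        umask 077
        openssl genrsa -out "$1" 2048 2>/dev/null &&
        openssl req -new -key "$1" -out "$2" -subj "/CN=$3"
    )
}

# Stand-alone run: classify the locally installed OpenSSL, if any.
if command -v openssl >/dev/null 2>&1; then
    v=$(openssl version)
    if heartbleed_affected_version "$v"; then
        echo "Affected range by version string: $v"
    else
        echo "Not in the affected range by version string: $v"
    fi
fi
```

Two caveats when using this. Distribution packages often backport the fix without changing the version string (a patched build can still report 1.0.1e), so a match from heartbleed_affected_version is a prompt to check the package changelog, not a verdict; the Qualys test from step 1 exercises the actual behaviour. And after step 5, ask the CA to revoke the old certificate, since a key that may have leaked stays usable until it is revoked or expires.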

When the dust settles, we can look back and use this as an important reminder of how fragile the Internet is. Customers are expected to be cautious about their data being transmitted over the Internet, no matter how securely a company claims it is being kept.

  1. Introduced in 2011 and found out in February 2014

Will Windows 8 Save the PC Business?

Predictions are in already: Windows 8 will be irrelevant. The clues seem to support the suspicion – the masses are already happy with Windows 7. Enterprise already made a substantial investment upgrading to Windows 7. Another migration in 2012 is just too soon.

But putting all that aside, the PC manufacturers need to support Windows 8 because it’s the platform that will finally bring integration of desktop PCs with tablets¹ – especially in an Enterprise environment. There’s also a good list of new features that will convince some to upgrade. Plus, there are millions of new PCs and laptops to sell, every year.

Windows 8 is still relevant and it will save the PC business.

  1. As demonstrated in Microsoft’s Build Conference 2011

Listing Memory Usage by Process

A question I’m often asked is, “Which processes are using up too much memory?” I generally use top to figure them out manually. But there’s a better way to do it, using the Solaris pmap command, which gives a good estimate of each process’s memory usage. Brandon Hutchinson has a shell script that provides a nice output. I modified it a little bit to include a column for the process owner.

#!/bin/sh
/usr/bin/printf "%-6s %-9s %-13s %s\n" "PID" "Total" "User" "Command"
/usr/bin/printf "%-6s %-9s %-13s %s\n" "---" "-----" "----" "-------"
for PID in `/usr/bin/ps -ef  | /usr/bin/awk '$2 ~ /[0-9]+/ { print $2 }'`
do
   USER=`/usr/bin/ps -o user -p $PID | /usr/bin/tail -1`
   CMD=`/usr/bin/ps -o comm -p $PID | /usr/bin/tail -1`
   # Avoid "pmap: cannot examine 0: system process"-type errors
   # by redirecting STDERR to /dev/null
   TOTAL=`/usr/bin/pmap $PID 2>/dev/null | /usr/bin/tail -1 | \
   /usr/bin/awk '{ print $2 }'`
   [ -n "$TOTAL" ] && /usr/bin/printf "%-6s %-9s %-13s %s\n" "$PID" "$TOTAL" "$USER" "$CMD"
done | /usr/bin/sort -rn -k2

Note: this script needs to run as root for pmap to have permission to examine every process.

Output looks something like this:

PID    Total     User      Command
---    -----     ----      -------
694    25240K    root      /opt/RICHPse/bin/se.sparcv9.5.9
696    5208K     root      /usr/dt/bin/dtlogin
613    4992K     root      /opt/CA/BABcmagt/caagentd
326    4512K     smmsp      /usr/lib/sendmail
260    4440K     root      /usr/sbin/syslogd
269    2440K     root      /usr/sbin/cron
196    2360K     root      /usr/sbin/keyserv
193    2352K     root      /usr/sbin/rpcbind
103    2336K     root      /usr/lib/sysevent/syseventd
235    2224K     root      /usr/lib/nfs/lockd
206    2184K     root      /usr/lib/netsvc/yp/ypbind
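The "Total" column above is the last line of plain pmap output, which is the process's virtual size: it counts every shared library mapped into the process, so libc and friends are counted again for every process and the column overstates what would actually be freed by stopping one. The script below is an added example (not the post's script nor Brandon Hutchinson's) that reads pmap -x instead and reports Kbytes, RSS and Anon (private, anonymous memory) per process, sorted by RSS. It assumes the Solaris 10 pmap -x layout, whose summary line reads "total Kb <Kbytes> <RSS> <Anon> <Locked>"; the sample output embedded for the parser is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not the post's script. Assumes the Solaris 10 "pmap -x"
# layout with a summary line "total Kb <Kbytes> <RSS> <Anon> <Locked>".

# Reads "pmap -x" output on stdin and prints "Kbytes RSS Anon" from the
# summary line; prints nothing if no summary line is present (e.g. a
# process that exited, or a system process pmap cannot examine).
pmap_totals() {
    awk '$1 == "total" && $2 == "Kb" { print $3, $4, $5 }'
}

# Constructed sample of "pmap -x" output, used only for the stand-alone demo.
SAMPLE_PMAP_X='260:    /usr/sbin/syslogd
 Address  Kbytes     RSS    Anon  Locked Mode   Mapped File
00010000      32      32       -       - r-x--  syslogd
00028000       8       8       8       - rwx--  syslogd
FF280000     688     688       -       - r-x--  libc.so.1
-------- ------- ------- ------- -------
total Kb    4440    3200     800       -'

# One line per process: PID, Kbytes (virtual), RSS, Anon, owner, command,
# sorted by RSS descending. Needs root to examine every process, like the
# original script.
report_all() {
    /usr/bin/printf "%-6s %-8s %-8s %-8s %-9s %s\n" "PID" "Kbytes" "RSS" "Anon" "User" "Command"
    for PID in `/usr/bin/ps -e -o pid=`
    do
        totals=`/usr/bin/pmap -x $PID 2>/dev/null | pmap_totals`
        [ -n "$totals" ] || continue
        # Split "Kbytes RSS Anon" into $1 $2 $3 (positional params are
        # local to the function, so this does not clobber the caller's).
        set -- $totals
        USER=`/usr/bin/ps -o user= -p $PID`
        CMD=`/usr/bin/ps -o comm= -p $PID`
        /usr/bin/printf "%-6s %-8s %-8s %-8s %-9s %s\n" "$PID" "$1" "$2" "$3" "$USER" "$CMD"
    done | /usr/bin/sort -rn -k3
}

# Stand-alone run: parse the constructed sample everywhere; run the live
# report only on Solaris, where the assumed pmap -x layout applies.
echo "Sample totals (Kbytes RSS Anon): `printf '%s\n' "$SAMPLE_PMAP_X" | pmap_totals`"
if [ "`uname -s`" = "SunOS" ] && [ -x /usr/bin/pmap ]; then
    report_all
fi
```

Sort on the Anon column (-k4) instead when the question is "which process would give back the most memory if it went away", since anonymous pages are the ones not backed by a shared file.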