I arrived to work this morning to find that the Heartbleed Bug happened.
This is one of the biggest security issues to crop up in a long time – allowing the data normally protected by TLS/SSL to be compromised. This is the kind of data that normally passes securely between clients and protected websites, email services, instant messaging, etc.
Upgrade all your systems now. This is where my well planned day went.
Be sure to restart all services that use OpenSSL (or reboot your servers). A useful command [source] for this post-upgrade is:
grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u
A useful Python script for testing your web servers can be found in this Gist. NB: it’s not just web servers affected – any services with SSL/TLS may be affected.