April 9th, 2014 15:00
Any risk of Heartbleed OpenSSL bug with Data Domain 640?
We're currently going through all our SW and HW to see what may be affected by the current Heartbleed OpenSSL bug. I thought only software and Linux servers would be affected, but some of our Cisco hardware is also affected because the software it runs depends on affected versions of the OpenSSL libraries. We have a couple of Data Domain 640s and I wanted to know if they use any of the affected OpenSSL libraries.
PatrickBetts
April 9th, 2014 15:00
sw-luke,
DD OS 5.4.1.1, which is the latest GA release, uses OpenSSL 0.9.8, so it is not susceptible to the bug found in 1.0.1. Any release up to 5.4.1.1 will use 0.9.8 or lower.
Best Regards,
Patrick
ble1
April 9th, 2014 15:00
Good question, though I'm not worried. My DDOS uses OpenSSH_5.6p1, OpenSSL 0.9.8w 23 Apr 2012. As affected versions are up to 1.0.1 I would say yes. You can find your version of OpenSSL by going to priv mode and typing se ssh -v afterwards. Why am I not worried? Because my DD is a closed system in a closed network and there are no credit cards or gateways via my DD boxes. While I believe DD is affected, I see no hurry to update them. Hype is big and this is because public services dealing with your money (aka credit cards) are affected, but when it comes to DD I fail to see the risk for now.
EDIT: See previous post. It is just the 1.0.1 series that is affected, not up to 1.0.1 as I claimed originally - so no worries.
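Added example, not part of any post in this thread: a small triage script for an inventory audit like the one the original poster describes, which parses version banners of the kind quoted above and flags OpenSSL builds in the Heartbleed-affected range. The range boundaries (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) are taken from the OpenSSL project's advisory rather than from the thread, and the host labels and all banners except the first are constructed.

```python
import re

# Finds the OpenSSL token in a banner such as the one quoted in the thread:
#   "OpenSSH_5.6p1, OpenSSL 0.9.8w 23 Apr 2012"
OPENSSL_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d*))?", re.IGNORECASE)

def parse_openssl_version(banner):
    """Return (major, minor, fix, letter, beta) or None if no version is found.
    beta is None for a release, '' for '-beta', or the beta number as text."""
    m = OPENSSL_RE.search(banner)
    if not m:
        return None
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    return major, minor, fix, m.group(4).lower(), m.group(5)

def heartbleed_status(banner):
    """Classify a banner as 'affected-range', 'not-affected-range' or 'unknown'.
    'affected-range' means "confirm with the vendor": some vendors backport
    the fix without changing the upstream version string."""
    v = parse_openssl_version(banner)
    if v is None:
        return "unknown"
    major, minor, fix, letter, beta = v
    if (major, minor, fix) == (1, 0, 1) and beta is None:
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g carries the fix.
        return "affected-range" if letter < "g" else "not-affected-range"
    if (major, minor, fix) == (1, 0, 2) and beta in ("", "1"):
        return "affected-range"
    return "not-affected-range"

def triage(inventory):
    """Map host label -> status for a dict of host label -> banner text."""
    return {host: heartbleed_status(b) for host, b in inventory.items()}

# Constructed inventory; only the first banner is quoted from the thread.
SAMPLE = {
    "dd640-a": "OpenSSH_5.6p1, OpenSSL 0.9.8w 23 Apr 2012",
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "switch-01": "no version string returned",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10} {status}")
```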
dynamox
April 9th, 2014 16:00
Your DMZ box gets hacked, then from there they start scanning for other vulnerable systems.
ble1
April 10th, 2014 01:00
I don't run DD in DMZ.
But even so, DMZ (at least the way we have it) is protected in such a way that I see no easy way to get it - especially not using DD. Chances are it is possible, but it would require someone who really is dedicated to this specific task and company. When I think about all those Apache servers on OS and applications which have been there unpatched for years, this bug seems almost nothing to me.
dynamox
April 10th, 2014 03:00
I wonder what DD uses to give us that fancy Enterprise Manager GUI, Tomcat/Apache?
RobertoAraujo1
May 14th, 2014 09:00
Hi all,
I'd like to invite everyone to join us on Monday, May 19 for our continued Heartbleed discussion: Ask the Expert - Heartbleed: What It Is & How to detect it using RSA Security Analytics. Also, make sure to watch our video introduction about Heartbleed detection.
RSVP today to reserve your spot and receive a reminder.
See you there!