<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Very Important Heartbleed in XPERIA archive</title>
    <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228204#M380872</link>
    <description>&lt;P&gt;According to Google it only affects 4.1.1. They say they have already issued a patch to Sony for the relevant devices (Xperia M is vulnerable). As far as I know Sony haven't issued anything.&lt;/P&gt;&lt;P&gt;The risk isn't particularly great for phones anyway. The main attack vector is stealing directly off a server and not from phones. The risk for phones is something they're calling "reverse Heartbleed" - someone would have to set up a malicious website, which you then would have to visit and they could in theory retreive data at random from your phone. There's been no evidence that anyone has tried it.&lt;/P&gt;&lt;P&gt;*Edit*&lt;/P&gt;&lt;P&gt;Just ran the test on mine - (4.3, .201). It does use the affected version OpenSSL, but Heartbeats is not enabled, so absolutely fine.&lt;/P&gt;</description>
    <pubDate>Sat, 19 Apr 2014 23:52:51 GMT</pubDate>
    <dc:creator>blackbox</dc:creator>
    <dc:date>2014-04-19T23:52:51Z</dc:date>
    <item>
      <title>Very Important Heartbleed</title>
      <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228202#M380870</link>
      <description>Hey guys, Lookout Security send to Google Play an app to Know if our version has problemsi with our Android version, and for me, saysomething that our SSL version is affected for Heartbleed virus. And lookout app security instead to look for an android update or in case of not, inform to Sony about that.&lt;BR /&gt;&lt;BR /&gt;My question is: knows Sony something about that and they are working?&lt;BR /&gt;&lt;BR /&gt;For me, on Monday I will write them in their chat service. I think is good all forum users use that lookout security app to look for this problem and write to Sony.&lt;BR /&gt;&lt;BR /&gt;Here is the Google Play link for lookout Heartbleed app&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector" target="_blank" rel="nofollow noopener noreferrer"&gt;https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector&lt;/A&gt;</description>
      <pubDate>Sat, 19 Apr 2014 22:08:26 GMT</pubDate>
      <guid>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228202#M380870</guid>
      <dc:creator>Meid</dc:creator>
      <dc:date>2014-04-19T22:08:26Z</dc:date>
    </item>
    <item>
      <title>Re: Very Important Heartbleed</title>
      <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228203#M380871</link>
      <description>&lt;P&gt;i doubt that app can do anything..and if it detect heartbleed then what want to do???&lt;/P&gt;&lt;P&gt;as far as i know it attack servers and steal passwords so even that app detect it so nothing we can do then&lt;/P&gt;</description>
      <pubDate>Sat, 19 Apr 2014 22:50:21 GMT</pubDate>
      <guid>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228203#M380871</guid>
      <dc:creator>Danial-mach1</dc:creator>
      <dc:date>2014-04-19T22:50:21Z</dc:date>
    </item>
    <item>
      <title>Re: Very Important Heartbleed</title>
      <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228204#M380872</link>
      <description>&lt;P&gt;According to Google it only affects 4.1.1. They say they have already issued a patch to Sony for the relevant devices (Xperia M is vulnerable). As far as I know Sony haven't issued anything.&lt;/P&gt;&lt;P&gt;The risk isn't particularly great for phones anyway. The main attack vector is stealing directly off a server and not from phones. The risk for phones is something they're calling "reverse Heartbleed" - someone would have to set up a malicious website, which you then would have to visit and they could in theory retreive data at random from your phone. There's been no evidence that anyone has tried it.&lt;/P&gt;&lt;P&gt;*Edit*&lt;/P&gt;&lt;P&gt;Just ran the test on mine - (4.3, .201). It does use the affected version OpenSSL, but Heartbeats is not enabled, so absolutely fine.&lt;/P&gt;</description>
      <pubDate>Sat, 19 Apr 2014 23:52:51 GMT</pubDate>
      <guid>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228204#M380872</guid>
      <dc:creator>blackbox</dc:creator>
      <dc:date>2014-04-19T23:52:51Z</dc:date>
    </item>
    <item>
      <title>Re: Very Important Heartbleed</title>
      <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228205#M380873</link>
      <description>Blackboss the same as me, I wrote that, it attacks SSL. I posted this, as a information, and the surprise for me is that some people takes like a joke</description>
      <pubDate>Sun, 20 Apr 2014 02:01:48 GMT</pubDate>
      <guid>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228205#M380873</guid>
      <dc:creator>Meid</dc:creator>
      <dc:date>2014-04-20T02:01:48Z</dc:date>
    </item>
    <item>
      <title>Re: Very Important Heartbleed</title>
      <link>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228206#M380874</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;A href="https://community.sony.co.uk/t5/user/viewprofilepage/user-id/154149"&gt;@Meid&lt;/A&gt; wrote:&lt;BR /&gt;Blackboss the same as me, I wrote that, it attacks SSL. I posted this, as a information, and the surprise for me is that some people takes like a joke&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;BTW, Heartbleed isn't a virus. It's a bug in a particular&amp;nbsp; version of OpenSSL, or more accurately, the heartbeat service used as part of OpenSSL.&lt;/P&gt;&lt;P&gt;The buggy version of OpenSSL is on the SP, but the heartbeat service is not enabled, so you don't need to do anything.&lt;/P&gt;</description>
      <pubDate>Sun, 20 Apr 2014 14:19:45 GMT</pubDate>
      <guid>https://community.sony.com.mk/t5/xperia-archive/very-important-heartbleed/m-p/3228206#M380874</guid>
      <dc:creator>blackbox</dc:creator>
      <dc:date>2014-04-20T14:19:45Z</dc:date>
    </item>
  </channel>
</rss>

