
The Heartbleed Bug

Posted on: April 16th, 2014 by Administrator

What is it?

The Heartbleed Bug exposes a serious vulnerability in the popular OpenSSL cryptographic software library.

This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use, it can be exploited. A new version of OpenSSL has now been released. Have your IT Service Provider install the fix as it becomes available for the operating systems, networked appliances and software that are in use in your business.

Major Sites Affected by the Heartbleed Bug

[Image: major sites affected by the Heartbleed Bug]

Here’s how to test whether your application is safe and how to fix the vulnerability:
http://www.hak9.com/fix-heart-bleed-bug-centos-ubuntu/

Contact us if you want us to look at your application.

Sources:

http://heartbleed.com

http://venturebeat.files.wordpress.com/2014/04/lwg_heartbleed.jpg

Additional Sources:

https://www.openssl.org/news/secadv_20140407.txt

https://www.cert.fi/en/reports/2014/vulnerability788210.html
