A critical vulnerability in OpenSSL, known as “The Heartbleed Bug”, was recently announced. It could affect your web host or servers and directly impact your website. Contact your web host if you are on shared hosting, or upgrade OpenSSL if your website runs on your own servers.
What is the Heartbleed Bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Is your website safe?
If you are running certain versions of OpenSSL on your Linux server, you may be at risk. Run the test at http://filippo.io/Heartbleed/
How To Check?
Go to the link above and find the text input box. Enter your website address or, to be exact, your website’s control panel address.
What is the CVE-2014-0160?
CVE-2014-0160 is the official reference to this bug. CVE (Common Vulnerabilities and Exposures) is the Standard for Information Security Vulnerability Names maintained by MITRE. Due to coincident discovery, a duplicate CVE, CVE-2014-0346, which was assigned to us, should not be used, since others independently went public with the CVE-2014-0160 identifier.
Why is it called the Heartbleed Bug?
The bug is in OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited, it leads to the leak of memory contents from the server to the client and from the client to the server.
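The heartbeat message in RFC6520 carries a sender-supplied payload length, and a receiver must silently discard any message whose claimed length exceeds what actually arrived. The following C sketch of that bounds check is an added example, not OpenSSL's code or its patch; the function names, status codes and sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_HEADER_LEN   3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING  16  /* RFC 6520 requires at least 16 padding bytes */

enum { HB_TOO_SHORT = -1, HB_NOT_REQUEST = -2, HB_LENGTH_MISMATCH = -3, HB_NO_SPACE = -4 };

/* Build the echo response for a heartbeat message of msg_len received bytes.
 * Returns the response length, or a negative code if the message must be dropped. */
int hb_build_response(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER_LEN + HB_MIN_PADDING) return HB_TOO_SHORT;
    if (msg[0] != HB_REQUEST) return HB_NOT_REQUEST;

    size_t claimed = ((size_t)msg[1] << 8) | msg[2];   /* sender-controlled value */
    /* The bounds check: the claimed payload must fit in the bytes actually received. */
    if (claimed > msg_len - HB_HEADER_LEN - HB_MIN_PADDING) return HB_LENGTH_MISMATCH;

    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap) return HB_NO_SPACE;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER_LEN, msg + HB_HEADER_LEN, claimed);
    /* Zero padding keeps the sketch short; RFC 6520 asks for random padding. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return (int)resp_len;
}

/* Constructed sample input: payload "ping" plus 16 padding bytes (23 bytes total).
 * With overclaim set, the length field reads 0x4004 although only 23 bytes arrived. */
int hb_demo(int overclaim)
{
    uint8_t msg[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    if (overclaim) msg[1] = 0x40;
    return hb_build_response(msg, sizeof msg, out, sizeof out);
}

int main(void)
{
    printf("honest request     -> %d\n", hb_demo(0));
    printf("overclaimed length -> %d\n", hb_demo(1));
    return 0;
}
```

A receiver that copies `claimed` bytes without the comparison against `msg_len` reads past the received message, which is how memory contents end up in the reply.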
What makes the Heartbleed Bug unique?
Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation and the fact that attacks leave no trace, this exposure should be taken seriously.
To learn more about the Heartbleed Bug, visit the official informational website: http://heartbleed.com/