How to Understand the Heartbleed Bug in OpenSSL

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.



This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content.

This allows attackers to eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.
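An added example, not code from the original post or from OpenSSL: a toy model of the heartbeat handling behind the memory disclosure described above, with the missing length check shown beside the corrected one. The function names, the sample records and the adjacent "secret" are constructed for illustration; the message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows the TLS heartbeat extension.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: a 7-byte heartbeat record that
 * claims a 20-byte payload, followed by unrelated adjacent secret data. */
#define RECORD_LEN 7
static const uint8_t MEMORY[] = {
    0x01, 0x00, 0x14, 'p', 'i', 'n', 'g',   /* type, length = 20, payload */
    'S','E','C','R','E','T','-','K','E','Y','-','1','2','3','4','5' };
/* Well-formed record: length = 4, "ping", then 16 zero padding bytes. */
static const uint8_t GOOD[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static uint8_t OUT[64];                     /* reply buffer */

/* Pre-fix logic: trusts the length field carried inside the message. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                          /* the defect: never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + 3, claimed);          /* reads past the record's end */
    return claimed;
}

/* Fixed logic: drop any record that the claimed length does not fit in. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 1 + 2 + 16) return 0;            /* type + length + padding */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + claimed + 16 > rec_len) return 0;  /* length field overstates */
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void)
{
    size_t n = heartbeat_vulnerable(MEMORY, RECORD_LEN, OUT);
    printf("vulnerable: echoed %zu bytes: %.*s\n", n, (int)n, (const char *)OUT);
    printf("fixed, lying record: echoed %zu bytes\n",
           heartbeat_fixed(MEMORY, RECORD_LEN, OUT));
    printf("fixed, well-formed record: echoed %zu bytes\n",
           heartbeat_fixed(GOOD, sizeof GOOD, OUT));
    return 0;
}
```

The unpatched handler echoes the 4 payload bytes plus the 16 bytes that sit next to the record, while the fixed handler drops the same record without replying and still answers the well-formed one.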

Who Discovered it?

Heartbleed, discovered by a Google engineer, caused widespread panic and a furious round of server patching by companies worldwide.

The security flaw affects OpenSSL, open-source software for encrypting information across the Web, and, if exploited, can leak account log-in details and passwords.

How this bug is different

What made this bug different is that it sat inside OpenSSL itself. Because OpenSSL is used by thousands of websites, huge numbers of servers on the Web were left exposed.

Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable.

A British Cabinet spokesman recommended that “People should take advice on changing passwords from the websites they use. Most websites have corrected the bug and are best placed to advise what action, if any, people need to take.”

On the day of disclosure, the Tor Project advised anyone seeking “strong anonymity or privacy on the Internet” to “stay away from the Internet entirely for the next few days while things settle.” Check out The Heartbleed Bug – Old Bugs Die Hard.

Solution


Author: Srini
