‘Heartbleed’ Bug

As many of you have probably heard, researchers have uncovered an extremely critical vulnerability in recent versions of OpenSSL, a technology that allows millions of Web sites to encrypt communications with visitors. Complicating matters further is the release of a simple exploit that can be used to steal usernames and passwords from vulnerable sites, as well as private keys that sites use to encrypt and decrypt sensitive data.

What Should You Do

We are currently working on this and changes will be made where needed. If you require any assistance please call us.

To change your email passwords, please contact us.

From Heartbleed.com:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

An advisory from Carnegie Mellon University’s CERT notes that the vulnerability is present in sites powered by OpenSSL versions 1.0.1 through 1.0.1f. According to Netcraft, a company that monitors the technology used by various Web sites, more than a half million sites are currently vulnerable. As of this morning, that included Yahoo.com, and — ironically — the Web site of openssl.org. This list at Github appears to be a relatively recent test for the presence of this vulnerability in the top 1,000 sites as indexed by Web-ranking firm Alexa.

An easy-to-use exploit that is being widely traded online allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL “libssl” library in chunks of 64kb at a time. As CERT notes, an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets.

Jamie Blasco, director of AlienVault Labs, said this bug has “epic repercussions” because not only does it expose passwords and cryptographic keys, but in order to ensure that attackers won’t be able to use any data that does get compromised by this flaw, affected providers have to replace the private keys and certificates after patching the vulnerable OpenSSL service for each of the services that are using the OpenSSL library [full disclosure: AlienVault is an advertiser on this blog].

It is likely that a great many Internet users will be asked to change their passwords this week (I hope). Meantime, companies and organizations running vulnerable versions should upgrade to the latest iteration of OpenSSL – OpenSSL 1.0.1g — as quickly as possible.
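To find hosts that still need the upgrade, the affected range given above (1.0.1 through 1.0.1f, fixed in 1.0.1g) can be checked against version banners. The following is an added example, not code from the advisory or from OpenSSL; the host names and banners are constructed, and a banner match only shows the reported version is in range, since some vendors backport the fix without changing the version letter.

```python
import re

# Matches "OpenSSL 1.0.1e-fips 11 Feb 2013" (output of `openssl version`)
# and "... OpenSSL/1.0.1e" (token inside an HTTP Server header).
VERSION_RE = re.compile(r"OpenSSL[\s/]+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_openssl_version(banner):
    """Return (major, minor, fix, letter), or None if no OpenSSL version is present."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4).lower()


def heartbleed_status(banner):
    """Classify a banner against the range in the CERT advisory: 1.0.1 through 1.0.1f."""
    version = parse_openssl_version(banner)
    if version is None:
        return "unknown"
    *branch, letter = version
    if tuple(branch) != (1, 0, 1):
        return "not in affected range"
    # "" (plain 1.0.1) and "a".."f" are affected; "g" is the fixed release.
    return "in affected range" if letter <= "f" else "fixed release or later"


# Constructed inventory: hypothetical hosts and banners, for illustration only.
SAMPLE_INVENTORY = {
    "mail.example.test": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "www.example.test": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1f",
    "vpn.example.test": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy.example.test": "OpenSSL 0.9.8y 5 Feb 2013",
    "proxy.example.test": "nginx/1.4.7",
}


def audit(inventory):
    """Return the sorted host names whose banner falls in the affected range."""
    return sorted(host for host, banner in inventory.items()
                  if heartbleed_status(banner) == "in affected range")


if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        print(f"{host:22} {heartbleed_status(banner)}")
```

Hosts reported as "unknown" expose no OpenSSL version in their banner and need to be checked directly on the machine.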
