Heartbleed Bug sweeps internet, leaves many sites vulnerable

A major security flaw, the Heartbleed Bug, has made rounds on HTTPS servers and has caused panic across the web.

The Heartbleed Bug is a serious vulnerability caused by a programming mistake in OpenSSL, the open-source software that provides cryptographic services such as SSL/TLS to applications and services. The error allows attackers to steal website, email, instant messaging and some virtual private networks (VPNs) encrypted information.

heartbleed

Dubbed the Heartbleed Blug because of its implementation in the TLS/DTLS heartbeat extension (RFC6520), this serious error allows any Internet user to access the memory of the systems protected by the various vulnerable versions of OpenSSL. Given how many Web communications use OpenSSL, this leaves much of the Internet vulnerable.

You can use the following site to check your vulnerability:

http://filippo.io/Heartbleed/

If you are vulnerable, a Fixed OpenSSL has been released, which is urgent to deploy.

Posted in