Heartbleed Bug

Date: 29 April 2014

Reported by: WebMaster

Category: News


HTTPS connection vulnerability in some versions of OpenSSL.

What is The Heartbleed Bug
 
The Heartbleed Bug is a serious vulnerability in the OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
 
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. 
 
This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
 
How bad is it?
 
It’s really bad. Web servers can keep a lot of information in their active memory, including user names, passwords, and even the content that users have uploaded to a service. According to Vox.com’s Timothy Lee, even credit card numbers could be pulled out of the data sitting in memory on the servers that power some services.
 
But worse even than that, the flaw has made it possible for hackers to steal encryption keys, the codes used to turn gibberish encrypted data into readable information.
 
With encryption keys, hackers can intercept encrypted data moving to and from a site’s servers and read it without establishing a secure connection. This means that unless the companies running vulnerable servers change their keys, even future traffic will be susceptible.
 
Am I affected?
 
Probably, though again, this isn’t simply an issue on your computer or phone itself — it’s in the software that powers the services you use. Security firm Codenomicon reports:
 
You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.
 
According to a recent Netcraft web server survey that looked at nearly 959,000,000 web sites, 66% of sites are powered by technology built around SSL, and that doesn’t include email services, chat services, and a wide number of apps available on every platform.
 
So what can I do to protect myself?
 
Since the vulnerability has been in OpenSSL for approximately two years and exploiting it leaves no trace, assume that your accounts may be compromised. You should change passwords immediately, especially for services where privacy or security is a major concern.
 
Meanwhile, the researchers who discovered the flaw let the developers behind OpenSSL know several days before announcing the vulnerability, so it was fixed before word got out yesterday. Most major service providers should already be updating their sites, so the bug will be less prevalent over the coming weeks.
 
 
How to check whether a website is vulnerable to Heartbleed

Check with this website:
 
https://filippo.io/Heartbleed/