
Are you affected by the Heartbleed bug?


If you are a sysadmin, a webmaster, or an internet entrepreneur who owns a website, you probably know about the recently discovered bug in the popular open source library OpenSSL.

For people who do not know about it, let me put it in simple words. Very recently, on 7th April, 2014, a serious vulnerability was discovered in the OpenSSL library, a popular open source library used for secure access to websites and servers on the Internet. It is used by Google, Yahoo, Amazon and almost all popular websites on the Internet. This vulnerability allows a hacker to steal private certificates, user passwords and sensitive data from your website or server. It is a serious bug registered in the CVE system as CVE-2014-0160.

Here is what Wikipedia says …

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet’s secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.

We managed to test all our clients' applications and servers to see whether they were affected by this bug before any serious damage was done. Thanks to Vijay and his team for quickly identifying and acting on this.
We have hosted a simple utility which allows you to test your website for the Heartbleed vulnerability (http://heartbleedtester.org/).

If you are a geek and love digging deep, read this unofficial guide which explains the vulnerability in detail.

If you are stuck fixing this bug on your servers or want to check if you are affected, we’ll be happy to help you. Get in touch to talk to our server security expert.

 
