heartbleed openssl critical security vulnerability alert

SSL Heartbleed is critical security vulnerability discovered on widely used OpenSSL website security software. The issue is discovered OpenSSL 1.0.1 through 1.0.1f inclusive that was released on 2012. An error on the software allows an attacker to trick the server to release a substantial memory repeatedly. The leaked memory is likely to contain sensitive information, for example server private keys for encryption, usernames and passwords. If those are compromised, the security of the server and any data on the server could be compromised. The vulnerable functions are identified as tls1_process_heartbeat() in ssl/t1_lib.c and dtls1_process_heartbeat() in ssl/d1_both.c.
The impact of this leak can be substantial to companies and individuals since OpenSSL is widely used all the secure websites including shopping sites, social networking sites, private company sites, and other secure internet websites. Most notable software using OpenSSL are the open source web servers like Apache and nginx that are widely used by companies and web hosting providers.

The fix for this issue is currently worked on by the OpenSSL team so the latest fixed version 1.0.1g or newer should be used. If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS.

The only secure thing to do at this point is to avoid using sites are using OpenSSL.

Filippo.io has developed a tool to check if any site is vulnerable or not. Use the link bellow to use this tool:
HeartBleed Test Tool

Publisher: abdirahman isse

Share this post