Heartbleed Vulnerability

The Heartbleed bug has been in the news lately. This bug is a serious vulnerability in the OpenSSL cryptographic software. OpenSSL was formed in 1998 to invent a free set of encryption tools for the code used on the Internet. As of 2014 two out of three webservers use it.

 

Security engineers recently discovered the Heartbleed Bug while improving the SafeGuard feature in a defense security testing tool. Heartbleed leads to the leak of the memory contents from server to the client and from the client to the server.  Exploitation of this bug does not leave any trace of anything happening to the logs.

 

There is already a patch out there to fix it, but it’s up to each company to implement it into their infrastructure.  Many of them already have, but you won’t know it until you hear from them. You can check the website addresses that you visit frequently yourself with a free tool like http://tif.mcafee.com/heartbleedtest.

 

As websites patch their servers you will see that you need to log in and reset your password, if they email you asking you to, that should be done right away. There is no need to change it until the bug has been patched as the site will remain vulnerable until patched. Also if you host your own website, web services or email services make sure you have this patch in place.

 

Remember we are here to help. If you have any additional questions about this topic or anything in an IT related field feel free to call upon us.