Home Web  
17 Apr

The Heartbleed – One of the biggest security issue in the world wide web

heartbleed

The Heartbleed bug is one of the biggest security issue in the world wide web. The Heartbleed bug permits anyone on the web to browse the memory of the systems protected by the vulnerable versions of the OpenSSL package. SSL is short form of Secure Sockets Layer, a protocol for transmitting secure data via the Internet. You can easily recognise whether SSL is in use on a website. URLS that require an SSL connection start with https instead of http. OpenSSL is an open-source implementation of SSL. The Heartbleed bug enables attackers to pay attention to communications and steal information directly from the services and users from OpenSSL.

Google’s security team reported Heartbleed on April 1, 2014. Security company Codenomicon gave Heartbleed a reputation and a emblem, tributary to public awareness of the difficulty.

Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL released 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug. So we can fix the problem using the right way. Upgrade OpenSSL to the latest version (OpenSSL 1.0.1g ) by server side .

Heartbleed went undetected for the past 2 years, and nobody is aware of who might have identified regarding it throughout that point or what they are doing. Currently that’s got into the open, up to a 0.5 million trustworthy websites—including many who individuals use a day, like GitHub, Yahoo, Facebo ok, Google, Wikipedia, Amazon, Twitter, Apple and Stack Overflow. They have been scrambling to patch the flaw and update their security protocols to shield users. The Canadian federal government quickly shut down online services of the Canada Revenue Agency (CRA) and a number of other government departments over Heartbleed bug security issues on April 8 2014. They made announcements recommending that users update passwords in response to the bug .

Security researcher Steve Gibson stated “it’s not just a server-side vulnerability, it’s also a client-side vulnerability because the server, or whomever you connect to, is as able to ask you for a heartbeat back as you are to ask them.” Google has confirmed that Android version 4.1.1 (Jelly Bean) has the Heartbleed bug. This affects approximately 50 million Android devices and remains unpatched.

Change your passwords on vulnerable sites immediately and change password again when the sites fix their server issues.

Heartbleed Testing Tools:

Norton Safeweb Heartbleed Check Tool
Heartbleed test
SSL Configuration Checker

Reference:

http://heartbleed.com
http://en.wikipedia.org/wiki/Heartbleed

Follow me

Sanju

I’m Sanjunath.S from Mumbai, India. I like web technologies, traveling & history. I have 7+ years experience in web technologies like HTML 5, CSS 3, JavaScript, Bootstrap and PHP.
Follow me

About Sanju

I’m Sanjunath.S from Mumbai, India. I like web technologies, traveling & history. I have 7+ years experience in web technologies like HTML 5, CSS 3, JavaScript, Bootstrap and PHP.