Heartbleed Bug

Almost everyone is talking about the Heartbleed Bug. But do you know what the Heartbleed Bug actually is, and why you should care about it? The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. The bug allows a hacker to steal protected information such as your passwords, your account details, your emails or anything else held in server memory. The bug is related to the SSL/TLS encryption used to secure the Internet. Any server (Dedicated Hosting or Shared Hosting) that has the Heartbleed Bug and uses SSL/TLS encryption is likely to be hit by a hacker. Any server running a vulnerable version of the OpenSSL software could be the next target of hackers.

How To Fix It

There is good news as well. People who want to secure their servers and fix the issue can use the Fixed OpenSSL. The fixed version of OpenSSL has already been released and has to be deployed to fix the issue. Operating system vendors and distributions, appliance vendors and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

How To Run Heartbleed Test

It is really simple to test your website for the Heartbleed Bug. All you need to do is put your URL in the box available on this page, and it will tell you whether your website is affected or not.

Most people say the Heartbleed bug is a design flaw in the SSL/TLS protocol specification, but it is actually an implementation problem.

Every website that uses OpenSSL's SSL/TLS implementation to encrypt information is likely to be affected by the Heartbleed bug. OpenSSL is the most popular open source cryptographic library, and many popular sites on the Internet, including school sites, social media sites, ecommerce sites and government sites, use OpenSSL. All of those sites need to be tested for the bug, and if the bug is found, a patch is required.

Affected Versions of OpenSSL

Below is the list of affected and unaffected versions of OpenSSL:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
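
The list above can be turned into a check on the output of `openssl version`. The script below is an added example, not part of the original article or of OpenSSL; the host names and inventory lines are constructed, and it assumes that 1.0.1 releases lettered after "g" also carry the fix.

```shell
#!/bin/sh
# Added example: classify `openssl version` banners against the list above.

# Prints VULNERABLE, NOT_VULNERABLE or UNKNOWN for one banner such as
# "OpenSSL 1.0.1e-fips 11 Feb 2013"; a bare "1.0.1e" is accepted too.
# The body is a subshell, so the locale and option changes stay local.
classify_openssl_version() (
    LC_ALL=C; export LC_ALL          # make [a-f] a plain ASCII range
    set -f                           # no filename expansion while splitting
    set -- $1                        # split the banner into words
    if [ "${1:-}" = "OpenSSL" ]; then shift; fi
    ver=${1:-}
    ver=${ver%-fips}                 # FIPS builds append "-fips"
    case "$ver" in
        1.0.1|1.0.1[a-f])   echo VULNERABLE ;;      # 1.0.1 through 1.0.1f
        1.0.1[g-z])         echo NOT_VULNERABLE ;;  # 1.0.1g (later letters: assumption)
        1.0.0|1.0.0[a-z]*)  echo NOT_VULNERABLE ;;  # 1.0.0 branch
        0.9.8|0.9.8[a-z]*)  echo NOT_VULNERABLE ;;  # 0.9.8 branch
        *)                  echo UNKNOWN ;;         # not covered by the list
    esac
)

# Reads "host banner" lines on stdin and prints "host verdict" per line.
report_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        printf '%s %s\n' "$host" "$(classify_openssl_version "$banner")"
    done
}

# Constructed sample inventory (hosts are placeholders, not real systems).
sample_inventory() {
    cat <<'EOF'
web01.example.test OpenSSL 1.0.1e-fips 11 Feb 2013
web02.example.test OpenSSL 1.0.1g 7 Apr 2014
db01.example.test OpenSSL 0.9.8y 5 Feb 2013
lb01.example.test OpenSSL 1.0.1 14 Mar 2012
mac01.example.test LibreSSL 2.8.3
EOF
}

sample_inventory | report_inventory
```

Distribution packages often backport the fix without changing the upstream version letter, so a VULNERABLE result means "check the vendor's advisory for this package", not proof that the host is exposed.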

More information about the Heartbleed Bug, its consequences and how to fix it can be found at http://heartbleed.com/