Basic
Basic

Simple page

Corporate
Corporate

corporate

E-shop
E-shop

eshop

Thursday, 10 April 2014 00:00

Heartbleed vulnerability forces users for a password change on many secure websites and services

heartbleedThe bug that is known as Heartbleed is a really serious vulnerability for the OpenSSL protocol that allows the attacker to gain access to a system that is affected without being noticed and by leaving no traces.  

As heartbleed.com mentions the attackers can then easily read these secure communications and gain access to sensitive data such as passwords and accounts, they can even steal an ssl certificate and impersonate a false host!

Fortunately the bug doesn’t affect all services and providers. The issue was introduced in December 2011 and was closed with OpenSSL 1.0.1g on 7 of April 2014. Fortunately the bug was discovered in the codenomicron security convention and was reported directly to the Openssl team. What follows is a list of the affected and save SSL versions.

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

But how to test if my site is affected? A website that can do that is the http://filippo.io/Heartbleed/ but please note sometimes the results are not correct. It is recommended for all users to change their Online passwords just to be safe.

Please note our services are not affected by this bug.

 

Read 3190 timesLast modified on Thursday, 10 April 2014 14:56

1 comment

  • Comment LinkMinuman berenergiThursday, 14 May 2015 21:03posted byMinuman berenergi

    It's really a nice and helpful piece of info. I am glad that you just shared this useful info with us.
    Please keep us up to date like this. Thanks for sharing.

Leave a comment