Heartbleed vulnerability forces users for a password change on many secure websites and services

Thursday, 10 April 2014 00:00

Heartbleed vulnerability forces users for a password change on many secure websites and services

The bug that is known as Heartbleed is a really serious vulnerability for the OpenSSL protocol that allows the attacker to gain access to a system that is affected without being noticed and by leaving no traces.

As heartbleed.com mentions the attackers can then easily read these secure communications and gain access to sensitive data such as passwords and accounts, they can even steal an ssl certificate and impersonate a false host!

Fortunately the bug doesn’t affect all services and providers. The issue was introduced in December 2011 and was closed with OpenSSL 1.0.1g on 7 of April 2014. Fortunately the bug was discovered in the codenomicron security convention and was reported directly to the Openssl team. What follows is a list of the affected and save SSL versions.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable

But how to test if my site is affected? A website that can do that is the http://filippo.io/Heartbleed/ but please note sometimes the results are not correct. It is recommended for all users to change their Online passwords just to be safe.

Please note our services are not affected by this bug.

Read 8738 times Last modified on Thursday, 10 April 2014 14:56

Tagged under

1 comment

Comment Link Thursday, 14 May 2015 21:03 posted by Minuman berenergi
It's really a nice and helpful piece of info. I am glad that you just shared this useful info with us.
Please keep us up to date like this. Thanks for sharing.