Skip to main content

Heartbleed web security bug : how to secure yourself??

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
image source:http://www.digitaltrends.com/wp-content/uploads/2012/01/password-cracking-shutterstock.jpg

What leaks in practice?

We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

source:Heartbleed.com
Labels:

Comments

Post a Comment

Popular posts from this blog

Apple Special Event - 10 September 2019

And Yes! with their well known September Special Event Apple is once again Live from Steve Jobs Theatre, Apple Park, Cupertino to bring the awesomeness into your lives with their smartly built devices. This time Tim wants to focus your eyes on the newly launched Apple Arcade service and this service is at jaw dropping price of $4.99 per month not only for you, but your full family. Let's see what's next in line surprises: Arcade:  Apple informed about this service in their previous event. Apple's newly launched gaming service with the amazing games of all time. Highlights of this service is that it's available from September 19 at very amazing price of $4.99 per month for the whole family. TV+: Apple took this service as well in last event. It's also available from the same, September 19 at the same price of $4.99 per month for the whole family.  iPad & iPadOS: iPad (source: apple.com) A new iPad to take the place in iPads family. iPa...
Post a Comment
Read more

Qualcomm Introduces 802.11ac Wi-Fi with Multi-user MIMO to Triple Network and Device Performance and Efficiency

MU-MIMO is a revolutionary new way for Wi-Fi networks to operate. With standard Wi-Fi, clients are served sequentially; during this time, only one device is sending and receiving information, thus only a small portion of network capacity is being used. The accumulation of these sequential events creates a drop in throughput and capacity as more devices join the network. This situation can be further exacerbated when combined with the growing amount of on-demand high resolution video content. MU-MIMO enables simultaneous transmission to groups of clients, making more efficient use of available Wi-Fi network capacity and speeding up transmissions. “Great connectivity is not just about increasing the absolute speed. It’s about making better use of network and airtime efficiency to support the growing number of connected devices, services and applications,” said Dan Rabinovitsj, senior vice president, Qualcomm Atheros, Inc. “After seven years of MU-MIMO development and testing, we’ve gain...
Post a Comment
Read more

Apple Special Event September 2018

From the Steve Jobs Theatre once again, just after an year of the iPhone X launch. Apple brings the smartest gadgets ? not the right word for Apple Devices, the smartest machines! The first device of the day, Apple Watch Series 4 This smartest machine bring us the first ever ECG machine just right in your wrist. It will give you the best precision of your heart rate justify by Dr. Ivor J. Benjamin, President - American Heart Association and clearance by FDA, US. Apple watch series 4 (source apple.com) You can start ordering Apple Watch from September 14 and can get in your hand from September 21 Special Features 32% and 35% larger display Slimmer design ECG (Electrocardiogram) Watch OS 5 (Will be available from September 24) Brand new Golden Finish Now it's time for the most awaiting result from the Apple Engineering and Design the one and only iPhone (XS and XS Max) After an year with 98% customer satisfaction Apple is standing with the next level ...
Post a Comment
Read more