Skip to main content

Heartbleed web security bug : how to secure yourself??

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
image source:http://www.digitaltrends.com/wp-content/uploads/2012/01/password-cracking-shutterstock.jpg

What leaks in practice?

We have tested some of our own services from attacker's perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak?

As long as the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been released and now it has to be deployed. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

source:Heartbleed.com
Labels:

Comments

Post a Comment

Popular posts from this blog

Apple Special Event - 10 September 2019

And Yes! with their well known September Special Event Apple is once again Live from Steve Jobs Theatre, Apple Park, Cupertino to bring the awesomeness into your lives with their smartly built devices. This time Tim wants to focus your eyes on the newly launched Apple Arcade service and this service is at jaw dropping price of $4.99 per month not only for you, but your full family. Let's see what's next in line surprises: Arcade:  Apple informed about this service in their previous event. Apple's newly launched gaming service with the amazing games of all time. Highlights of this service is that it's available from September 19 at very amazing price of $4.99 per month for the whole family. TV+: Apple took this service as well in last event. It's also available from the same, September 19 at the same price of $4.99 per month for the whole family.  iPad & iPadOS: iPad (source: apple.com) A new iPad to take the place in iPads family. iPa...
Post a Comment
Read more

Firefox OS Coming Soon to Asia Pacific

After Mozilla and Spreadtrum announced plans to redefine the smartphone entry level at MWC 2014, the turnkey solution for Firefox OS smartphones in the ultra-low-cost category is now available, and sample devices utilizing Spreadtrum chipsets will be demonstrated at Mobile Asia Expo. Mozilla has partnered with Intex and Spice, two of India’s leading mobile device brands, to bring the first Firefox OS devices to India in the next few months. “Intex is excited to announce its association with Mozilla which will enable us to develop unparalleled smart devices on the latest Firefox OS platform,” said Mr. Sanjay Kumar Kalirona, Business Head, Mobile, Intex Technologies (India) Ltd. “The platform will give us an edge in upgrading buyers from feature phones to smartphones while making it affordable for the mass market. This will propel our devices to be much more than a way to use the Web, but take the engagement further and develop the Web as a mobile platform.” Image: Sample device w...
Post a Comment
Read more

Apple iOS 7.1

Apple released its new version iOS 7.1 publicly, now you can enjoy a new improved interface of your iPhone. The new version is packed with interface refinements, bug fixes, improvements and some other new features. In new features Apple introduced Apple Car Play using which you have a smarter, safer way to make calls, get directions or play music from your iPhone while in the car. Siri is improved and smartly understands when it has to stop listening. Camera now can automatically enable HDR on your iPhone. Calendar events are better than ever you experienced on your iPhone. Touch ID fingerprint recognition is now improved in iOS sometimes the home screen crashing problem is appeared but don't worry this bug is now fixed. So what you are thinking ???? Pick your iPhone and update it today. Note: Currently this update is available in few countries. Check the availability of features here .
Post a Comment
Read more