Heartbleed - A serious OpenSSL vulnerability
-
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Sounds like the hearts of a lot of people responsible for security are bleeding!
-
Great. We use OpenSSL.
I will never again mention that Dalek Dave was the poster of the One Millionth Lounge Post, nor that it was complete drivel.
-
Ugh. What a world-class pain in the ass THIS is going to be for the next couple/few months.
-
Indeed, this one was quite serious. Apparently a lot of big names, including sites from Alexa's top 10, were (and some still are) vulnerable. The situation didn't spare CodeProject - some of our subsystems were vulnerable, but over the past few hours we have already upgraded them. This is still unofficial, as we need to double and triple check all the servers and submodules, but so far all modules which we've reviewed are patched.
-
Ruh roh Raggy. This bug is actually pretty terrifying.
-
:thumbsup: I hope you find every lingering unpatched version in your systems :) But still a pretty scary bug... considering that basically the whole traffic to OpenSSL could have been compromised for years... I guess the NSA and the like were pretty grateful for that bug :~
-
One serious consequence is that private keys may have leaked - it is worth considering re-registering for those, as otherwise you're potentially leaving user data exposed.
"If you don't fail at least 90 percent of the time, you're not aiming high enough." Alan Kay.