Friday, May 9, 2014

Heartbleed

You must have come across the word Heartbleed somewhere. It seems to be one of the latest sensations in security news. Here is the Heartbleed logo for you.

Looks familiar? Yes, I know. If I had a dollar every time I saw this image, I would have at least a few hundred of them. Not kidding.

A little insight
It is nothing but a bug. But don't judge its impact by the sound of it, since that is deceiving. I hope you know about the OpenSSL library. If not, have a quick read here. It is a cryptographic library that implements the SSL and TLS protocols. In non-technical words, it is similar to security software.

Heartbleed is a bug in OpenSSL that can be exploited. It allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software.

Here's a terribly simple and awesome picture by xkcd explaining Heartbleed:


It means all the private keys (user certificate keys, usernames, passwords, etc.) and user information, everything that is protected by TLS, can be exploited. Then anyone can impersonate you on the Internet and do whatever they want. To put it properly, your information and identity can be stolen, which means you are officially screwed.
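How a bug like this exposes memory, as an added example that is not from the original post or from OpenSSL's source: a simplified C model of a heartbeat handler, once trusting the payload length the sender claims and once checking that claim against the bytes that actually arrived. The 64-byte buffer, the function names and the "CONSTRUCTED-SECRET" bytes are made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1 byte type + 2 byte claimed payload length */
#define HB_PADDING 16  /* minimum padding a heartbeat message carries */

/* Length the sender claims, taken from the message itself. */
size_t claimed_len(const uint8_t *msg) { return ((size_t)msg[1] << 8) | msg[2]; }

/* Model of the pre-fix behaviour: echo as many bytes as the sender claims. */
long echo_trusting(const uint8_t *mem, size_t mem_len, uint8_t *out) {
    size_t n = claimed_len(mem);
    if (HB_HEADER + n > mem_len) n = mem_len - HB_HEADER; /* keeps the simulation in bounds */
    memcpy(out, mem + HB_HEADER, n);
    return (long)n;
}

/* Model of the fixed behaviour: discard (-1) when the claim exceeds what was received. */
long echo_checked(const uint8_t *mem, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_PADDING) return -1;
    size_t n = claimed_len(mem);
    if (HB_HEADER + n + HB_PADDING > rec_len) return -1;
    memcpy(out, mem + HB_HEADER, n);
    return (long)n;
}

/* Constructed sample: a 22-byte message ("hat" + padding) followed by
   unrelated data that happens to sit next to it in memory. */
size_t build_sample(uint8_t *mem, size_t mem_len, uint16_t claim) {
    memset(mem, 0, mem_len);
    mem[0] = 1;                          /* heartbeat request type */
    mem[1] = (uint8_t)(claim >> 8);
    mem[2] = (uint8_t)(claim & 0xff);
    memcpy(mem + HB_HEADER, "hat", 3);
    memcpy(mem + 22, "CONSTRUCTED-SECRET", 18);
    return 22;                           /* bytes actually received */
}

int main(void) {
    uint8_t mem[64], out[64];
    size_t rec = build_sample(mem, sizeof mem, 40); /* claims 40 bytes, sent 3 */
    long echoed = echo_trusting(mem, sizeof mem, out);
    printf("trusting handler echoed %ld bytes, including: %.*s\n",
           echoed, 18, (const char *)out + 19);
    printf("checked handler returned %ld\n", echo_checked(mem, rec, out));
    return 0;
}
```

An honest request (claim of 3) passes the checked handler unchanged; only the mismatched claim is dropped.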

Solution
Users need to update to OpenSSL 1.0.1g. I recommend doing it immediately, unless you are planning on donating all your information and money to the anonymous. Here are the official Heartbleed fix details. Notify your service providers if they have not installed the patch for Heartbleed. Make this OpenSSL upgrade your top priority, since it can heartbleed you! Good time.
