Saturday, April 12, 2014

Heartbleed Bug



Even if you read only a little tech news, I doubt you have not heard the name Heartbleed. It has shaken the internet geeks! But what is this buzz all about?

What is Heartbleed?

The Heartbleed bug is a serious vulnerability in OpenSSL, one of the implementations of the SSL/TLS cryptographic protocol. The scary thing is, OpenSSL is used by 2/3 of the websites on the internet. And this bug went undetected for 2 years.

How serious is this bug?

Quoting the security expert Bruce Schneier,  
            "Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.

What is the risk?

This security bug can allow an attacker to read an arbitrary 64 KB chunk of server memory. Each attempt exposes up to 64 kilobytes, but the attack can be performed over and over again to get lots of information. This exposes usernames, passwords and cookies. The Heartbleed bug is putting millions of passwords and credit card numbers at risk.

Mark Loman reported that he was able to see a username and password in plaintext using this vulnerability.
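The 64 KB limit comes from the 16-bit payload-length field of the TLS heartbeat message (RFC 6520), which the vulnerable code trusted without comparing it to the number of bytes that actually arrived. The C code below is an added example, not OpenSSL's code and not part of the original post: the function names, constants and the two sample records are hypothetical and constructed here to show the bounds check a heartbeat handler needs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat: type(1) | payload_length(2) | payload | padding(>=16) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HEADER  3u   /* type byte + 16-bit payload_length */
#define HB_MIN_PAD 16u

/* Constructed samples, 23 bytes each; the second claims 0xFFFF payload bytes. */
static const uint8_t HB_HONEST[23]    = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERCLAIM[23] = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};

/* Bytes beyond the record that a copy trusting the claimed length would
 * read. The field is 16 bits wide, hence "up to 64 KB" per request. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + (((size_t)rec[1] << 8) | rec[2]);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened handler: returns the response length written to out, or 0 when
 * the request is silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t total = HB_HEADER + claimed + HB_MIN_PAD;
    /* The missing check: the claim must fit inside what actually arrived. */
    if (total > rec_len || total > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo payload only */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* real padding is random */
    return total;
}

int main(void)
{
    uint8_t out[64];
    size_t ok  = hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out);
    size_t bad = hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, out, sizeof out);
    printf("honest reply: %zu bytes, over-claim reply: %zu bytes\n", ok, bad);
    printf("unchecked over-read: %zu bytes\n", hb_overread(HB_OVERCLAIM, sizeof HB_OVERCLAIM));
    return 0;
}
```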


What can I do to make sure I am secure?

If you have access to the server, you will need to install the latest OpenSSL patch. If you are just a user, you can do nothing until the website / web server administrator has fixed the issue. Once the issue is fixed at the sites, we recommend you change your passwords ASAP. To check whether the issue is fixed on a particular site, use: http://filippo.io/Heartbleed/ .

How do I know if I am not compromised?

Unfortunately, as heartbleed.org says, exploitation of this bug leaves no trace of anything abnormal in the logs. You won't find any abnormality in your logs if you've been compromised.

Which famous sites were affected by this bug?

Being one of the most famous SSL implementations, OpenSSL was used by most websites. A few of the famous sites allegedly affected are listed below:
· Facebook
· Instagram
· Pinterest
· Tumblr
· Twitter
· Google
· Yahoo
· Gmail
· Yahoo Mail
· GoDaddy
· Intuit TurboTax
· Dropbox
· Minecraft
· OkCupid
· Stack Overflow
