Heartbleed Bug

The “Heartbleed Bug” is in the news. Although it has only now reached the general public, it sadly is not new: it is based on a flaw that is at least two years old.

The Heartbleed Bug exploits a vulnerability (Heartbleed) in the way OpenSSL encryption checks that there is still a computer at the other end of a connection. That check sends a packet of data to see whether there is a computer on the other end. This is the “heartbeat”.

An attacker using the bug sends a disguised heartbeat to get a reply from your computer and tricks it into giving up additional information. This can include data stored in memory, which can include the encryption key. That key unlocks the encryption and lets anyone read the data easily. Basically, instead of a packet of data that says “Hello are you there?” it becomes “Hello are you there and give me the (encryption) keys to the palace”.

What to do? As always, change your password frequently. Ask your hosting service if they have installed the patch. They should have done this weeks ago, when they were alerted before it hit the general public news.

You can read more here at http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/