0 Liked

    Is your Heartbleeding?

    The Heartbleed bug, officially referenced as CVE-2014-0160, is already being coined as one of the biggest security threats since the mass adoption of the Internet – affecting millions of websites and services, including credit-card numbers, email accounts and a wide range of online commerce.

    Heartbleed is a security bug in the OpenSSL cryptography library, which is widely used to secure Internet sites and applications. The OpenSSL “Heartbleed” vulnerability allows hackers to steal information protected by the SSL/TLS encryption (it provides communication privacy and security on the Internet when it comes to email, web, IM or virtual private networks).

    Shortly speaking, Heartbleed shares the memory of a system protected by OpenSSL to anyone on the Internet.

    Dr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was “unfortunately” missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.

    Who reported it?

    According to OpenSSL, it was Neel Mehta from Google’s security team that reported the problem in the beginning of April. What’s really scary is that the bug slipped under the radar for so long.

     

    Am I affected by Heartbleed?

    To check if your website or application is vulnerable you can use Metasploit’s Brand New Heartbleed Scanner Module.

    If you would like to check Open-E DSS V7, here’s an example of how to install Metasploit Framework on Ubuntu.

     

    Is Open-E software safe?

    Our team of developers tested the products with Metasploit’s Brand New Heartbleed Scanner Module and guarantee that all Open-E Data Storage Software products are secure. There is no need to update software or change passwords.

     

    CC Image courtesy of xkcd.com

     

    Read more about the OpenSSL “Heartbleed” Vulnerbility:

    http://heartbleed.com/

    http://en.wikipedia.org/wiki/Heartbleed

    Rating: / 5.

    No votes yet

    Leave a Reply