Have you been affected by the Heartbleed bug?
“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” – Heartbleed
After the initial announcement (or when I actually found out about it), I started testing some of my web sites and hosting providers using Filippo’s tool.
My host, Hostgator, was really fast in fixing and patching the servers with the latest OpenSSL source.
1. Check your site (or host, or cPanel, or Plesk) using Filippo’s tool.
2. Contact your host if you notice any vulnerability.
3. Change your password (do it anyway).
4. Pat yourself on the back.
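Step 1 tests a site from the outside. If you run the server yourself, you can also check the installed OpenSSL build locally. The sketch below is an added example, not code from the original post or from Filippo's tool. It classifies the text printed by `openssl version -a`, assuming the upstream affected range (1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1) and treating the build date only as a hint; the function names and sample outputs are constructed for illustration.

```python
import re
from datetime import date

# Heartbleed was publicly disclosed on 7 April 2014; a fixed build cannot be older.
DISCLOSED = date(2014, 4, 7)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def in_affected_range(base, letter, tag):
    """Upstream affected releases: 1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1."""
    if base == "1.0.1":
        return letter in ("", "a", "b", "c", "d", "e", "f")
    if base == "1.0.2":
        return tag in ("beta", "beta1")
    return False

def build_date(text):
    """Parse the 'built on:' line, e.g. 'built on: Tue Apr  8 10:00:00 UTC 2014'."""
    m = re.search(r"built on:.*?([A-Z][a-z]{2})\s+(\d{1,2})\s+[\d:]+\s+\S+\s+(\d{4})", text)
    if not m or m.group(1) not in MONTHS:
        return None
    return date(int(m.group(3)), MONTHS.index(m.group(1)) + 1, int(m.group(2)))

def assess(version_output):
    """Classify the output of `openssl version -a` (hypothetical helper)."""
    m = re.search(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(?:-(\S+))?", version_output)
    if not m:
        return "unknown"
    base, letter, tag = m.group(1), m.group(2), m.group(3) or ""
    if not in_affected_range(base, letter, tag):
        return "not-affected"
    if "OPENSSL_NO_HEARTBEATS" in version_output:
        return "not-affected"      # heartbeat extension compiled out
    built = build_date(version_output)
    if built and built >= DISCLOSED:
        # Distributions backport the fix without changing the version string,
        # so confirm against the package changelog before trusting this build.
        return "verify-backport"
    return "likely-vulnerable"

# Constructed sample outputs (not captured from real hosts).
OLD_BUILD = "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Mar 19 19:10:55 UTC 2013\n"
REBUILT = "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Apr  8 10:00:00 UTC 2014\n"

if __name__ == "__main__":
    for sample in (OLD_BUILD, REBUILT, "OpenSSL 1.0.1g 7 Apr 2014"):
        print(sample.splitlines()[0], "->", assess(sample))
```

This only describes the `openssl` binary you ran it against: a service that bundles its own copy of the library, or that has not been restarted since the upgrade, can still be running the old code.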
If you’re using Chrome, try the Chromebleed extension. It will send the current web site to an Amazon-hosted address, test it against SSL vulnerabilities and return a notice/warning. It may not work instantly, so make sure you log in, log out, and refresh the current site several times.
Read this article by Bruce Schneier as it contains some interesting links and opinions.