
Monday 21 April 2014

HEARTBLEED



Hey guys, we are going to be looking at the internet stunner bug popularly known as Heartbleed. Yeah, a lot of you guys have been hearing about it, so I would like to give the name some meaning for you today, and for those of you who know about it already, I guess you're just going to be adding to your already acquired knowledge.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing of our ‘so called’ protected information. Under normal conditions, SSL/TLS protects our information by providing communication security and privacy over the internet for applications such as web, email, instant messaging (IM), and some virtual private networks.

The Heartbleed Bug allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Like other bugs that come and go, this particular bug has been fixed with the release of a newer version. Unluckily for us, it still leaves a big scar on the internet, because it has left a large amount of private keys and other secrets exposed to the internet.

As long as the vulnerable version of OpenSSL is in use, it can be abused. A fixed OpenSSL has been released and is now being deployed. Operating system vendors and distributions, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fixes as they become available for the operating systems, networked appliances and software they use.

Google security researcher Neel Mehta was the first to discover Heartbleed, though it has been found that the Heartbleed flaw has been in OpenSSL for two years. The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on the 14th of March 2012. OpenSSL 1.0.1g, released on the 7th of April 2014, fixes the bug.
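The version range above (present since 1.0.1, fixed in 1.0.1g) can be turned into a quick inventory check. This Python sketch is an added example, not part of the original post: the host names and banners are constructed samples, and the function names are illustrative.

```python
import re

# Range as stated in the post: present since release 1.0.1, fixed in 1.0.1g.
FIRST_AFFECTED = (1, 0, 1, "")
FIRST_FIXED = (1, 0, 1, "g")

# Matches the output of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.]+)?")


def classify(banner):
    """Return 'vulnerable', 'outside-range', 'review' or 'unparsed'."""
    m = VERSION_RE.search(banner)
    if m is None:
        return "unparsed"
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))
    if m.group(5):
        # Tagged builds (-fips, -beta1, ...) are not covered by the range in
        # the post, so they are flagged for a manual check.
        return "review"
    # Tuple comparison orders the letter suffix too: "" < "a" < ... < "g".
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "vulnerable"
    return "outside-range"


def hosts_needing_action(inventory):
    """List hosts whose banner is in the affected range or needs a manual look."""
    return sorted(h for h, b in inventory.items()
                  if classify(b) in ("vulnerable", "review", "unparsed"))


# Constructed sample inventory: host name -> output of `openssl version`.
SAMPLE_INVENTORY = {
    "web01.example.net": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02.example.net": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail.example.net": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn.example.net": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "old.example.net": "OpenSSL 1.0.1 14 Mar 2012",
}

if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(host, classify(SAMPLE_INVENTORY[host]))
```

Distribution packages can carry the fix without changing this version string, so treat a "vulnerable" result as a prompt to confirm against the vendor's advisory rather than as proof.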

According to Google, all Android versions are immune to the Heartbleed bug except for Jelly Bean 4.1.1. So if what Google says is anything to go by, about 10 million users of the Android OS would be affected.

My heart is currently bleeding from the effect of Heartbleed *winks*. Please guys let’s try to quickly upgrade our phone’s OS in time.

Please remember to drop your comments and subscribe.
