The Customize Windows

Technology Journal


By Abhishek Ghosh April 14, 2014 3:40 am Updated on April 14, 2014

OpenSSL and the Heartbleed Bug : The Situation


A flaw in OpenSSL has, for two years, compromised the security of SSL/TLS and possibly allowed encrypted communications to be unsafe. For the third time in this website’s ~5-year history, as most regular readers know, the articles were not being updated. The article part of this website has no HTTPS URLs, so what made many websites like ours pause and take a deep breath? While most of the OpenSSL and Heartbleed Bug issues have been fixed, there are still unknown, undiscovered services which can suddenly take any website’s security down. The notification about the OpenSSL vulnerability (CVE-2014-0160), better known to the common man as Heartbleed, became publicly known to system administrators on 8th April, 2014. Today is 14th April. Yet the red alert about OpenSSL and the Heartbleed Bug has not waned.

 

OpenSSL, Heartbleed Bug : The Technical Part in Brief

 

OpenSSL is an Open Source implementation of the SSL network protocols. If you want to read about the basics of OpenSSL, SSL (Secure Sockets Layer), TLS (Transport Layer Security) and related topics, please follow the corresponding linked articles. A question might arise in your mind: OpenSSL is a Free Software option, so why do we need to bother when most websites actually use a paid SSL certificate? If you have a quick look through our guide, How To Install SSL Certificate on Rackspace Cloud Server, you’ll realize that without OpenSSL it is not really possible to implement any paid certificate.
The Heartbleed Bug has become the symbol of the vulnerability discovered by an independent security company, Codenomicon, in collaboration with a Google researcher, Neel Mehta.

 

OpenSSL, Heartbleed Bug : Protocols (in) security?

 

The bug is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. OpenSSL is security software that encrypts certain sensitive data so that it cannot be intercepted by malicious people, and protects it until it arrives at the destination server.
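The over-read comes from trusting a length field inside the message instead of the size of what was actually received. The block below is an added example, not code from the original article or from OpenSSL: a simplified model of the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) with the bounds check that keeps the echo inside the record. The function names, buffers and sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3   /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed sample records: an honest request and one whose length field lies. */
static const uint8_t HONEST[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t LYING[19]  = { HB_REQUEST, 0x40, 0x00 };
static uint8_t resp[64];        /* scratch buffer for the response */

/* Bytes beyond the received record that an echo trusting the claimed
 * length would copy out of adjacent memory (0 if the claim fits). */
size_t hb_overread_bytes(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HDR) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t avail = rec_len - HB_HDR;
    return claimed > avail ? claimed - avail : 0;
}

/* Bounds-checked echo. Returns the response length, or 0 when the
 * request is silently discarded as malformed. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check a vulnerable echo lacks: claim must fit in the record. */
    if (HB_HDR + claimed + HB_PADDING > rec_len) return 0;
    if (HB_HDR + claimed + HB_PADDING > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);
    /* Zero padding keeps the model simple; RFC 6520 asks for random bytes. */
    memset(out + HB_HDR + claimed, 0, HB_PADDING);
    return HB_HDR + claimed + HB_PADDING;
}

int main(void) {
    printf("honest: over-read %zu, response %zu bytes\n",
           hb_overread_bytes(HONEST, sizeof HONEST),
           hb_build_response(HONEST, sizeof HONEST, resp, sizeof resp));
    printf("lying:  over-read %zu, response %zu bytes\n",
           hb_overread_bytes(LYING, sizeof LYING),
           hb_build_response(LYING, sizeof LYING, resp, sizeof resp));
    return 0;
}
```

The second record claims a 16384-byte payload inside a 19-byte message, so the checked echo discards it instead of answering with memory that lies past the record.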


The use of SSL and TLS is now a common practice on the web, especially for services or, more generally, in areas that require a high level of security, such as e-commerce sites, banks multichannel recordings, social networks, email and instant messaging services. The padlock icon that appears at the top right in our browser and the operating protocols are just there to certify that, once certain data is sent, it cannot be intercepted or read by third parties, as it is encrypted and viewable only by the recipient of the information on the server that has the corresponding decryption key.

// see diff
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902

Earlier, when the PRISM / malware activities of governmental agencies were discovered, people switched to SSL / TLS, as the cost of decrypting data would be so high that the agencies would probably not read our private data. So what was discovered has much more importance than was thought on 8th April, just like the millions of Android devices found to be unsafe.

With the serious bug found in one of the OpenSSL libraries, all the precautionary measures taken by the protocols. Heartbleed allows attackers to read the memory of systems designed to be protected and to capture the information present in it (from personal passwords to the decryption keys used by the server itself), or to intercept any data in transit (email, messaging, etc). It is therefore a serious problem and should not be underestimated. Nearly 66% of websites could be affected by this vulnerability: OpenSSL is in fact the default encryption solution for Apache and nginx.

The OpenSSL version plagued by Heartbleed is 1.0.1f, released about two years ago. Following Codenomicon's discovery, a security update (1.0.1g) was released to patch the problem. The only viable solution is then to apply the patch and to spread the news effectively, so as to decrease the number of individuals attacked.

As for the high-profile names, those confirmed “in the first place” as vulnerable, as of the last update, are the website of the FBI (!), Yahoo (even though most of its servers have been updated now), the well-known image hoster Imgur, OKCupid, Eventbrite and Amazon (some parts of the infrastructure have been patched). It is not clearly known why Google, Twitter and Facebook either were not affected by the problem or hid the facts. Anyway, it is recommended to change old passwords. Curious readers can also consult the list that GitHub is currently drafting. SoundCloud was also affected. The bug has been available to hackers for almost two years, and a series of thefts may already have been carried out without leaving any trace. Most speculate that this vulnerability was also used by the U.S. intelligence services, such as the NSA, for the illegal acquisition of information, but this is obviously just conjecture and supposition. Not to forget the coincidence: Google, Twitter and Facebook were not affected, and they were the first to come under fire from the mass of users for supplying users' personal data to the NSA.


About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.


About This Article

Cite this article as: Abhishek Ghosh, "OpenSSL and the Heartbleed Bug : The Situation," in The Customize Windows, April 14, 2014, February 5, 2023, https://thecustomizewindows.com/2014/04/openssl-and-the-heartbleed-bug/.
