
By Abhishek Ghosh April 14, 2014 3:40 am Updated on April 14, 2014

OpenSSL and the Heartbleed Bug : The Situation

For two years, a flaw in OpenSSL has compromised the security of SSL/TLS and may have left encrypted communications unsafe. Regular readers will have noticed that, for the third time in this website’s ~5-year history, we were not updating the articles. The article part of this website has no HTTPS URLs, so what made many websites like ours pause and take a deep breath? While most instances of the Heartbleed bug in OpenSSL have been fixed, there are still unknown, undiscovered services which can suddenly break any website’s security. The OpenSSL vulnerability (CVE-2014-0160), better known to the general public as Heartbleed, became publicly known to system administrators on 8th April, 2014. Today is 14th April, yet the red alert about OpenSSL and the Heartbleed bug has not subsided.

OpenSSL, Heartbleed Bug : The Technical Part in Brief

OpenSSL is an open-source implementation of the SSL network protocols. If you want to read about the basics of OpenSSL, SSL (Secure Sockets Layer), TLS (Transport Layer Security) and related topics, please follow the corresponding linked articles. You might ask: OpenSSL is Free Software, so why should we bother when most websites actually use a paid SSL certificate? A quick look through our guide, How To Install SSL Certificate on Rackspace Cloud Server, makes the point: without OpenSSL it is not really possible to deploy any paid certificate.

“Heartbleed Bug” has become the popular name for the vulnerability discovered by an independent security company, Codenomicon, in collaboration with a Google researcher, Neel Mehta.

OpenSSL, Heartbleed Bug : Protocols (in) security?

The bug is classified as a buffer over-read, a situation where software allows more data to be read than should be allowed. OpenSSL is security software that encrypts sensitive data so that it cannot be intercepted by malicious people, protecting it until it arrives at the destination server.


The use of SSL and TLS is now common practice on the web, especially for services and areas that require a high level of security, such as e-commerce sites, banks, multichannel recordings, social networks, email and instant messaging services. The padlock icon that appears at the top right of our browser, together with the protocols operating behind it, is there to certify that, once data is sent, it cannot be intercepted or read by third parties, because it is encrypted and viewable only by the recipient on the server that holds the corresponding decryption key.

// see diff
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902

Earlier, when the PRISM / malware activities of governmental agencies were discovered, people switched to SSL / TLS because the cost of decrypting the data would be so high that the agencies would probably not read our private data. So the discovery matters much more than was thought on 8th April, just like the millions of Android devices found to be unsafe.

With the serious bug found in one of the OpenSSL libraries, all the precautionary measures taken by the protocols. Heartbleed allows attackers to read memory on systems designed to be protected and to capture the information present in it (from personal passwords to the decryption keys used by the server itself) or to intercept any data in transit (email, messaging, etc.). It is therefore a serious problem and should not be underestimated. Nearly 66% of websites could be affected by this vulnerability: OpenSSL is in fact the default encryption solution for Apache and nginx.
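
The over-read described above, as a simplified model in C (an added example, not OpenSSL's code and not from the original article). It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the function names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER 3   /* 1 byte type + 2 byte payload length */
#define HB_PADDING 16 /* minimum padding required by RFC 6520 */

/* Constructed "process memory": a 4-byte heartbeat record (type 1, claimed
 * payload length 20, one real payload byte 'A') followed by unrelated data. */
static const unsigned char sample_memory[] =
    "\x01\x00\x14" "A" "SECRET-KEY-MATERIAL!";
#define SAMPLE_RECORD_LEN 4

/* Constructed well-formed record: type 1, payload "ping", 16 zero bytes
 * of padding. */
static const unsigned char good_record[HB_HEADER + 4 + HB_PADDING] =
    "\x01\x00\x04" "ping";

/* Vulnerable pattern: trusts the length field inside the message and never
 * compares it with the number of bytes actually received (rec_len). */
size_t echo_vulnerable(const unsigned char *rec, size_t rec_len,
                       unsigned char *out)
{
    (void)rec_len; /* the bug: the received length is ignored */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed); /* may read past the record */
    return claimed;
}

/* Hardened pattern: discard any record whose claimed payload plus header
 * and padding does not fit in what was received. Returns 0 when discarded. */
size_t echo_checked(const unsigned char *rec, size_t rec_len,
                    unsigned char *out)
{
    if (rec_len < HB_HEADER + HB_PADDING)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}
```

With the 4-byte sample record, the vulnerable function copies 20 bytes, 19 of which belong to the data stored after the record, while the checked function discards the record and copies nothing.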

The OpenSSL version plagued by Heartbleed is 1.0.1f, released about two years ago. Following Codenomicon's discovery, a security update (1.0.1g) was released specifically to patch the problem. The only viable solution is then to apply the patch and effectively spread the news, so as to decrease the number of individuals attacked.

As for the big names, those confirmed as vulnerable “in the first place”, as of the last update, include the website of the FBI (!), Yahoo (even though most of its servers have been updated now), the well-known image host Imgur, OKCupid, Eventbrite and Amazon (some parts of the infrastructure have been patched). It is not clearly known why Google, Twitter and Facebook either were not affected by the problem or hid the facts. In any case, it is recommended to change old passwords. Curious readers can also consult the list that GitHub is currently drafting. SoundCloud was also affected. The bug has been available to hackers for almost two years, and a series of thefts may already have taken place without leaving any trace. Most speculate that this vulnerability was also used by U.S. intelligence services, such as the NSA, for the illegal acquisition of information, but this is obviously just conjecture and supposition. Not to forget the coincidence: Google, Twitter and Facebook were not affected, and they were the first to come under fire from users at large for supplying users' personal data to the NSA.

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.
