There’s a new bug making the rounds, and this is one we’ve all got to worry about. On Monday, a team of Codenomicon and Google Security engineers unearthed an existing vulnerability in the OpenSSL data-encryption standard. The flaw allows hacker communities to exploit a ‘keep alive’ or ‘heartbeat’ script used at the transport layer in the Open Systems Interconnection (OSI) model to reveal more data from the server than intended.
By tricking the security software, hackers could write hacks to access additional server data. From that additional data, the hackers could steal personal information, such as user and password information, from the server.
While it looks like only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, it’s important to check your site’s vulnerability. Heartbleed bug testing tools are already available here.
I hope your web site passes this test! If not, visit with your certificate provider and inquire about revoking and renewing your existing certificate as a possible solution.
As is always the case in IT, there is a bright side to a reported bug of such deep reach, and that is the allocation of a programmer’s time to fix and update the software. Upgrading security software will bring stronger encryption and greater security of our privacy. In addition, many individuals will update their passwords and hopefully use software to generate one and stop using “Password123”.