Friday, April 11, 2014
OpenSSL Heartbleed Computer Virus Fix
The Heartbleed virus is the latest in a series of viruses that steal all of your personal information, and it's widespread enough that it can be considered an epidemic. In this day and age, a computer virus is just as annoying as a biological virus. So, what is it, and what can you do to protect yourself from it?
The Heartbleed bug is a bug in the open-source cryptography library OpenSSL that lets an attacker read the memory of a server or a client and retrieve, for example, a server's SSL private keys. Examinations of audit logs appear to show that some attackers may have exploited the flaw for 5 months before it was rediscovered and published. On April 7, 2014, it was announced that OpenSSL 1.0.2-beta, as well as all versions of OpenSSL in the 1.0.1 series prior to 1.0.1g, had a severe memory handling bug in their implementation of the TLS Heartbeat Extension. This defect could be used to reveal up to 64 kilobytes of the application's memory with every heartbeat. Its CVE number is CVE-2014-0160.
The bug is exercised by sending a malformed heartbeat request to the server to elicit a response that contains the server's memory. Because of a lack of bounds checking, the affected versions of OpenSSL never verified that the heartbeat request was valid, allowing attackers to bring about inappropriate server responses.
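The missing bounds check, shown as an added example (this is not OpenSSL's code and not part of the original post): it compares the payload length a heartbeat record claims against the bytes actually received, and computes arithmetically how far an unchecked echo would read past the record. The function names and sample records are constructed for illustration; the record layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) is assumed from RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_HEADER_LEN  3u   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16u  /* minimum padding after the payload */

/* Payload length the sender claims (big-endian). Needs rec_len >= 3. */
static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes an unchecked echo would copy from beyond the end of the record.
 * Pure arithmetic: nothing out of bounds is read here. */
size_t hb_overread_without_check(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN)
        return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HEADER_LEN;
    return claimed > present ? claimed - present : 0;
}

/* Bounds-checked handling: payload bytes that are safe to echo,
 * or -1 when the record must be silently discarded. */
long hb_safe_payload_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                 /* too short to be a heartbeat */
    size_t claimed = hb_claimed_len(rec);
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;                 /* claimed length exceeds the record */
    return (long)claimed;
}

int main(void)
{
    /* Constructed records: one honest, one claiming 65535 payload bytes. */
    uint8_t ok[3 + 5 + 16]  = {0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t bad[3 + 1 + 16] = {0x01, 0xFF, 0xFF, 'x'};
    printf("ok:  safe=%ld overread=%zu\n", hb_safe_payload_len(ok, sizeof ok), hb_overread_without_check(ok, sizeof ok));
    printf("bad: safe=%ld overread=%zu\n", hb_safe_payload_len(bad, sizeof bad), hb_overread_without_check(bad, sizeof bad));
    return 0;
}
```

The 2-byte length field is why a single heartbeat can expose up to 64 kilobytes: its largest value is 65535.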
The vulnerability has existed since Dec. 31, 2011, and the vulnerable code has been in widespread use since the release of OpenSSL version 1.0.1 on March 14, 2012. Affected websites include, but aren't limited to, Amazon, Soundcloud, Tumblr, Wikimedia, and Wunderlist.
So, according to Time Magazine, the best way to protect yourself against the virus is to go to this link and enter the site you want to visit to make sure it's "heartbleed safe." Ultimately, it's up to the site itself to fix the bug, if indeed it does have it. Changing your password isn't going to affect the site one way or another.
source: http://goo.gl/sE47UF