
Heartbleed Bug

The “Heartbleed Bug” is in the news. While it has made the public news, it sadly is not new: it is based on a flaw that is at least two years old.

The Heartbleed Bug exploits a vulnerability (Heartbleed) in the way OpenSSL encryption checks that there is a computer at the other end of a connection. That check sends a packet of data to see whether the computer on the other end is still there. This is the “heartbeat.”

The bug sends out a disguised heartbeat to get a reply from your computer and tricks it into giving back additional information. This can include data stored in memory, which can include the encryption key. That key will unlock the encryption and make the data easily readable by anyone. Basically, instead of a packet of data being sent that says “Hello, are you there?” it becomes “Hello, are you there and give me the (encryption) keys to the palace.”
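The check whose absence makes this possible, as an added C example (not OpenSSL's code and not from the original post): a heartbeat message states its own payload length, and the receiver has to confirm that the stated length fits inside the bytes it actually received before echoing anything back. The message layout and the 16-byte minimum padding follow RFC 6520; the function name `hb_build_response` and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/*
 * Build a heartbeat response for the request held in rec[0..rec_len).
 * Returns the number of bytes written to out, or 0 when the request
 * must be silently discarded. Hypothetical helper for illustration.
 */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HB_HEADER + HB_MIN_PAD)
        return 0;                    /* too short to be a valid message */
    if (rec[0] != HB_REQUEST)
        return 0;

    /* Length the sender CLAIMS the payload has; never trust it as-is. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The claimed payload must fit in the bytes that really arrived.
     * Without this test the copy below reads past the request and
     * returns whatever sits next to it in memory. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;

    size_t need = HB_HEADER + claimed + HB_MIN_PAD;
    if (need > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo payload */
    /* Padding is zeroed here for simplicity; a real stack uses random bytes. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return need;
}

int main(void)
{
    /* Constructed sample: claims 0x4000 payload bytes but carries one. */
    uint8_t lying[20] = {HB_REQUEST, 0x40, 0x00, 'x'};
    uint8_t out[64];
    return hb_build_response(lying, sizeof lying, out, sizeof out) == 0 ? 0 : 1;
}
```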

What to do? As always, change your password frequently. Ask your hosting service if they have installed the patch. They should have done this weeks ago, when they were alerted before it hit the general public news.

You can read more here: http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/