CVE-2014-0160

Why Heartbleed Matters

By now, you have most likely heard about the Heartbleed bug, a programming error in OpenSSL that has affected over half a million of the world's most popular websites. You can read more about the bug at the link above, but in essence it allowed unauthorized users to steal the identity of a server and decrypt all traffic that was coming to the server or had been sent to it in the past. This was hotly debated for a few days after Heartbleed's discovery, but has since been confirmed:

The demonstration by Cloudflare that it's possible to extract private SSL certificates means that out of an abundance of caution, administrators of sites that used vulnerable versions of OpenSSL should revoke and replace old certificates with new ones as soon as possible. Given the huge number of sites affected, the revelation could create problems.

So this is a pretty big deal for sites that rely on OpenSSL to encrypt their traffic. The question users should be asking themselves is: which sites are affected?

Security Notice: Heartbleed Bug

Yesterday, a security vulnerability was discovered that has been colloquially called the "Heartbleed Bug." You can read about the vulnerability in more detail, but in layman's terms: the vulnerability allows attackers to copy a web server's private key and decrypt (current and previous) communication received by the server, including passwords.