HeartBleed bug - All OpenSSL websites may be at risk

Durasara · April 10, 2014, 12:58am

http://www.businessinsider.com/heartbleed-bug-explainer-2014-4

http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

You can also just google "heart bleed bug" which is becoming a hot topic across the internet very rapidly.

Basically, what happens is the website sends a "heartbeat" test to the client, and if the client is still there, the client responds, but in that there is a vulnerability with most web servers including Apache and Nginx as well as any other server that uses OpenSSL

Discovered by a security researcher at Google, many websites have already fixed the bug, which simply requires updating OpenSSL

Durasara · April 10, 2014, 2:31pm

The polls are in, here's what the companies say you should change.

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoiZiIsImkiOiJfN29mbHNla3J1a3YwcGpsdiJ9

I'd say go ahead and change them all, though.

WireframeNerd · April 11, 2014, 2:11am

Wish people would take this breach more seriously :/

Phantom.bak · April 11, 2014, 2:23am

Well there's nothing you can really do until ALL of the websites that you frequent have been fixed. If you change your passwords, but they haven't fixed the bleed, it's useless.

Prince_Vultan · April 11, 2014, 2:52am

If anyone would like it I have the script that exploits the bug.