OpenSSL HeartBleed Bug: Simple Exploit Views “Secure” Traffic

Big news came out yesterday on the CyberSecurity front: The HeartBleed Bug in OpenSSL can be exploited to unencrypt secure traffic. LastPass, Yahoo Mail, and more are affected.

(Information via ThreatPost)

Important Snippets:

“This vulnerability is very easy to exploit. It’s very easy to build from scratch…and there are also several tools that can be downloaded and used, in a matter of minutes.”

“The vulnerability in OpenSSL appears to have been introduced two years ago.”

It’s a nightmare vulnerability, since it potentially leaks your long term secret key — the one that corresponds with your server certificate. Worse, there’s no way to tell if you’ve been exploited.

Here is a tool that you can use to check against domains/websites, in order to verify the SSL security.

EDIT 04/09/14: Further information to be found directly from the source:

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s