OpenSSL - Heartbleed
Posted by Jithender Reddy on 20 April 2014 04:24 PM

Recently, the 'Heartbleed Bug' was uncovered in SSL-enabled sites and has been termed the biggest vulnerability in the history of the internet; it affects sites that use OpenSSL. As long as the vulnerable version of OpenSSL is in use, it can be abused.

What makes the Heartbleed Bug unique?

Bugs in a single piece of software or a library come and go and are fixed by new versions. However, this bug has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, the ease of exploitation, and the fact that attacks leave no trace, this exposure should be taken seriously.

 How can OpenSSL be fixed?

Even though the actual code fix may appear trivial, the OpenSSL team is the expert in fixing it properly, so the fixed version 1.0.1g or newer should be used. If this is not possible, software developers can recompile OpenSSL with heartbeat support removed from the code by using the compile-time option -DOPENSSL_NO_HEARTBEATS.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

 

Please run the command  yum update openssl*  for a full OpenSSL upgrade.
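
To confirm which of the two fixes above is in place on a host, the output of openssl version -a can be classified as in the following added example (not part of the original article). The function name, status strings and sample outputs are constructed for illustration; the affected range 1.0.1 through 1.0.1f (plus 1.0.2-beta1) is the upstream range fixed by 1.0.1g.

```shell
#!/bin/sh
# heartbleed_status: classify the text printed by `openssl version -a`.
# Prints one of:
#   mitigated-no-heartbeats  build flags contain -DOPENSSL_NO_HEARTBEATS
#   affected-version         upstream version 1.0.1 .. 1.0.1f or 1.0.2-beta1
#   not-affected-version     1.0.1g or newer, or a branch without heartbeats
#   unknown                  no "OpenSSL <version>" line found
# Caveat: distribution packages may backport the fix without changing the
# upstream version string, so after a package update "affected-version"
# means "confirm against the vendor package changelog", not "still exposed".
heartbleed_status() {
    info=$1
    # First line looks like: "OpenSSL 1.0.1e-fips 11 Feb 2013"
    ver=$(printf '%s\n' "$info" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo mitigated-no-heartbeats; return 0 ;;
    esac
    # Drop build suffixes such as "-fips" before comparing.
    case $ver in
        1.0.2-beta1) base=$ver ;;
        *)           base=${ver%%-*} ;;
    esac
    case $base in
        1.0.1|1.0.1[a-f]|1.0.2-beta1) echo affected-version ;;
        *)                            echo not-affected-version ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_OLD='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: (constructed sample)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
built on: (constructed sample)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB'
SAMPLE_REBUILT='OpenSSL 1.0.1f 6 Jan 2014
built on: (constructed sample)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -DZLIB'

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_REBUILT"; do
    heartbleed_status "$s"
done
```

On a live host, pass the real output instead of a sample: heartbleed_status "$(openssl version -a)". Services that loaded the old library must be restarted before the updated one takes effect.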






Copyright CtrlS Datacenters Ltd 2007-2014