The Heartbleed Bug also known as CVE-2014-0160 is a vulnerability within the OpenSSL cryptographic software library that enables all the SSL/TLS protected information to be stolen under normal conditions. The Heartbleed Bug allows attackers to easily implement MITM, phishing and data theft. Unless something is done soon, Heartbleed could potentially devastate the reputation of the sixteen year old OpenSSL collaborative and cause millions of dollars worth of damage.
The way the bug works is fairly simple, it allows anyone with internet access to read the memory of the systems protected by the vulnerable versions of the OpenSSL Software. This compromises the private keys being used and allows attackers to eavesdrop on what is supposed to be encrypted traffic. Considering the long exposure time and the large amount of jeopardized private keys this Bug should be taken very seriously.
This is not a SSL/TLS Design flaw. The reason for these issues is related to a programming mistake on the behalf of OpenSSL. If you are currently using OpenSSL and you think that your secure connection has been compromised please contact us and we can help you find a better and more reliable solution.
Wednesday, April 9, 2014
