
VCLEVER BLOG

Posted on April 12, 2014 at 9:07 am by Andrew Arnott

What the Heartbleed vulnerability means and what to do

The Heartbleed security vulnerability has been well-publicised, but advice on what to do varies wildly. We’ve been updating our clients and thought we’d publish our thoughts here.

Heartbleed Vulnerability

What is it?

Firstly, if you haven’t heard about it (which would be quite an achievement), Heartbleed is the catchy but alarming-sounding name given to an error in the code of a widely-used piece of software called OpenSSL, which encrypts data on ‘secure’ websites. OpenSSL is used on perhaps around two-thirds of secure sites on the web (that is, two-thirds of sites whose addresses start with https:// and display the little padlock symbol). The error allows an attacker to trick a website’s server into giving them a small random chunk of data from the server’s memory, which could be anything – something harmless, some sensitive data, a password, or an encryption key.

Some reports imply that hackers are just taking specific data at will, but they have to go through multiple attacks, getting little chunks of random data at a time and hoping they turn up something useful. It’s still not good, but it’s not the same. And the chances that you have been compromised are probably very slim (more…)
