Heartbleed Bug / CVE-2014-0160
A major new vulnerability called Heartbleed could let attackers gain access to users' passwords and fool people into using bogus versions of Web sites. A flaw in software that's widely used to secure Web communications means that passwords and other highly sensitive data could be exposed.
Internet users advised to change passwords due to 'Heartbleed' bug http://www.latimes.com/business/tech...#axzz2yRefVfKm
The flaw is in OpenSSL, an open-source software library that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where the most sensitive data is stored, including private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys and then use them to impersonate servers or to decrypt communications from the past or potentially the future.
Also, one more thing: those who do online transactions or business, please don't do any online shopping or banking for a few days.
It will be highly risky. This is not like other vulnerabilities; this one is extremely serious.
The vulnerability is officially called CVE-2014-0160 but is known as Heartbleed.
Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
You can take the Heartbleed test at the link below: http://filippo.io/Heartbleed/
There are quite a few operating system distributions that have shipped with a potentially vulnerable OpenSSL version.