Officially known as CVE-2014-0160, Heartbleed is a recently discovered bug in OpenSSL. It has the potential to expose huge amounts of private data, including user names, passwords, credit card numbers and emails, because OpenSSL is the software commonly used to secure that data when you visit a secure site (usually indicated by the green bar or lock symbol in your browser).
The bug was discovered independently by security engineers at the Finnish internet security testing firm Codenomicon and Neel Mehta of Google Security. It is found in a version of the code that has been used by internet services for more than two years.
Put simply, the bug lets someone eavesdrop by reading the memory of any system running the affected OpenSSL software, which accounts for roughly two thirds of the SSL/TLS encryption securing the internet.
As reported on heartbleed.com: “We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”
This “leaking” can easily be stopped as a fixed OpenSSL has been released.
Has FullHost closed this vulnerability?
All of our shared, enterprise, and reseller hosting servers, as well as any server that is managed by us, have had this vulnerability closed. For servers that we do not manage, it is strongly encouraged that this be done immediately.
To check if you are vulnerable:
http://filippo.io/Heartbleed/
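As an added example (not from FullHost or the sites linked here), a small shell helper that classifies an `openssl version` string against the range Heartbleed affects: upstream OpenSSL 1.0.1 through 1.0.1f and 1.0.2-beta1, with 1.0.1g as the fix; 0.9.8 and 1.0.0 never had the heartbeat extension. It assumes upstream version numbering, so treat a "vulnerable" result as a prompt to check your distribution's package changelog or run the online test above, since many distributions backport the fix without changing the version string.

```shell
#!/bin/sh
# Classify an "openssl version" string against the CVE-2014-0160 range.
# Return codes: 0 = version is in the affected range, 1 = not affected
# or already fixed, 2 = string not recognised.
# Caveat (assumption of upstream numbering): distro builds often keep
# an old version string after backporting the fix, so "vulnerable"
# here means "verify further", not a final verdict.
heartbleed_version_check() {
    # $1 is e.g. "OpenSSL 1.0.1e 11 Feb 2013"; keep only the version token
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\).*/\1/p')
    case "$ver" in
        1.0.1|1.0.1[a-f]*)
            printf 'vulnerable: %s\n' "$ver"; return 0 ;;
        1.0.2-beta1)
            printf 'vulnerable: %s\n' "$ver"; return 0 ;;
        1.0.1[g-z]*)
            printf 'fixed: %s\n' "$ver"; return 1 ;;
        0.9.*|1.0.0*)
            printf 'not affected (no heartbeat extension): %s\n' "$ver"; return 1 ;;
        "")
            printf 'unrecognized version string: %s\n' "$1"; return 2 ;;
        *)
            printf 'not in affected range: %s\n' "$ver"; return 1 ;;
    esac
}

# Convenience wrapper for the local host (runs the real openssl binary).
heartbleed_local_check() {
    heartbleed_version_check "$(openssl version 2>/dev/null)"
}
```

Run `heartbleed_local_check` on a host to get the classification and exit code, then confirm with the package changelog or the online test before relying on the answer.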
For more information please visit:
http://heartbleed.com/
http://en.wikipedia.org/wiki/Heartbleed_bug