

Monday 21 April 2014

HeartBleed - Critical Crypto Bug Exposes Yahoo Mail


OpenSSL is widely regarded as a seal of security, but what happens when OpenSSL itself has a bug? That is the reason Yahoo Mail's passwords were exposed. Heartbleed is a bug that results from a mundane coding error in OpenSSL.



OpenSSL is used to implement HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of the private computer memory used by OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or far more valuable assets such as authentication credentials or even the private key at the heart of a website's entire cryptographic certificate.
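To make the missing bounds check concrete, here is an added example (a simplified model written for this page, not OpenSSL's code) of a heartbeat echo routine with and without the length validation. The message layout follows RFC 6520; the names `hb_echo`, `demo`, `ARENA` and the sample bytes are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_PADDING 16  /* minimum padding required by RFC 6520 */
#define ARENA      64  /* constructed stand-in for process memory */

/* Build the echo for a heartbeat request stored at the start of `arena`.
 * rec_len is the number of bytes actually received. Returns the number of
 * payload bytes echoed into `out` (ARENA bytes), or 0 if discarded. */
size_t hb_echo(const uint8_t *arena, size_t rec_len, int bounds_check, uint8_t *out)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];  /* peer-controlled */
    if (bounds_check) {
        /* Hardened: header + claimed payload + padding must fit the record. */
        if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    } else if (claimed > ARENA - HB_HEADER) {
        claimed = ARENA - HB_HEADER;  /* demo guard only: stay inside arena */
    }
    out[0] = 2;  /* heartbeat_response */
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xff);
    memcpy(out + HB_HEADER, arena + HB_HEADER, claimed);
    return claimed;
}

/* Constructed input: a 21-byte record (3 header + "hi" + 16 padding) with
 * unrelated data right after it; the length field says `claimed`. */
size_t demo(int bounds_check, uint16_t claimed, uint8_t *out)
{
    uint8_t arena[ARENA] = {0};
    arena[0] = 1;  /* heartbeat_request */
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + 3, "hi", 2);
    memcpy(arena + 21, "password=EXAMPLE", 16);  /* neighbouring memory */
    return hb_echo(arena, 21, bounds_check, out);
}

int main(void)
{
    uint8_t out[ARENA] = {0};
    printf("unchecked, claims 40: echoed %zu bytes\n", demo(0, 40, out));
    printf("checked,   claims 40: echoed %zu bytes\n", demo(1, 40, out));
    return 0;
}
```

Without the check, the reply carries the neighbouring bytes along with the two-byte payload; with it, the oversized request is dropped and an honest request is still echoed.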












After this bug and a huge loss to Yahoo Mail, the OpenSSL developers have released version 1.0.1g, which readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.



The attack worked by sending many requests at a time and gaining entry to the website through a hole, because of the heavy traffic. The bug allows eavesdropping on a website that uses the OpenSSL library.



The OpenSSL patch is only the starting point on the path of Heartbleed recovery. Website operators should strongly consider replacing their X.509 certificates after applying the update and getting all users and administrators to change passwords as well. 



After learning of this attack, many websites have started asking their users to change their passwords as soon as the patch has been applied to their servers. One example is the popular music website SoundCloud.com.



It's probably NOT so early for users to replace passwords across the board, but for sites they know have received the OpenSSL patch, it may be a good idea to change login credentials. People who are truly security conscious may want to change passwords a second time if they notice that a patched site later updates its digital certificate.



It's better to take steps now than to cry later.
