Heartbleed Bug: What You need to Know?

Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library underpinning major sections of the Web, which potentially exposes data supposedly encrypted from various sites. It allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

Robin Seggelmann, the coder, admitted that he "missed the necessary validation by an oversight."

The code in question was originally intended to enable a function called Heartbeat in OpenSSL's Transport Layer Security, which exchanges a packet of random data between your computer and a server to confirm they're connected.

Hackers, thereby can manipulate their computer to lie about how much data is in the original packet, allowing the server to give out the packet with data pulled from its memory before sending it back.

The Fixed OpenSSL has been released for Service providers and users to install the fix as it becomes available for the operating systems, networked appliances and software.
Next Post »