HeartBleed Vulnerability


On April 7th, 2014, one of the biggest and most broadly affecting vulnerabilities ever found, in my opinion, was disclosed publicly: the HeartBleed vulnerability.

What is the problem?
This vulnerability literally allowed a hacker to read and even write to a server's RAM. Why does that matter? It means that they could do almost anything to the server if they were persistent enough: read off files, write new files; nothing is safe. They could get the personal information that you have put on that website, i.e. passwords, etc.
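
A simplified model of the memory disclosure, added here as an illustration and not taken from the original post or from OpenSSL's source: a heartbeat handler that trusts the length field inside the message, next to one that checks it against what was actually received. The function names, the `memory` array and its contents are constructed for this example; the message layout follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PADDING 16  /* minimum padding that must follow the payload */
#define RECORD_LEN 4   /* bytes of the sample record that really arrived */

/* Constructed stand-in for server memory: a 4-byte heartbeat record
 * (type 1, claimed payload length 20, real payload "A") followed by
 * unrelated data that happens to sit next to it. */
static const uint8_t memory[32] = {
    1, 0, 20, 'A',
    's','e','c','r','e','t','-','k','e','y','-','b','y','t','e','s'
};

/* Before the fix: echo as many bytes as the message claims to carry.
 * `out` must be large enough for the reply in both functions. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                          /* never consulted: the bug */
    memcpy(out, rec + HB_HEADER, claimed);  /* copies past the record */
    return claimed;
}

/* After the fix: silently drop any record whose claimed payload plus
 * header and padding does not fit in what was actually received. */
size_t heartbeat_hardened(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[64] = {0};
    size_t n = heartbeat_vulnerable(memory, RECORD_LEN, out);
    printf("vulnerable handler echoed %zu bytes: %.*s\n", n, (int)n, out);
    printf("hardened handler echoed %zu bytes\n",
           heartbeat_hardened(memory, RECORD_LEN, out));
    return 0;
}
```

The reply from the first handler contains the neighbouring bytes as well as the one-byte payload, which is why anything that was in the server's memory at the time has to be treated as exposed.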

Who is affected?
Any server that used OpenSSL with specific versions from 2011 to current.

Does this affect me?
Yes. Roughly 90% of websites on the internet use Apache, and Apache typically comes with OpenSSL. It's estimated that about one to two thirds of the websites on the internet are affected by this, so odds are one of the sites you use is affected.

Does this affect things like video games?
If there is any form of online content then most likely yes.

What should I do?
Change your passwords on all sites, but first check that each site has updated and is safe. You can use this website to check for yourself: http://filippo.io/Heartbleed/ If it doesn’t say the site is vulnerable then it should be OK.

Further Information:
There is evidence that this exploit was being abused as early as November of 2013, BEFORE it was publicly disclosed. This means hackers were using it! See: http://arstechnica.com/security/2014/04/heartbleed-vulnerability-may-have-been-exploited-months-before-patch/

This is a VERY serious matter. I highly encourage everyone to act on this. Do not disregard this by saying "oh, this site wasn’t affected"; consider it as though every site has been compromised.

For more info about the vulnerability you can read here: http://www.heartbleed.com/
