This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Heartbleed -- What Can You Do To Stay Safe?

The following is external content provided as a free resource for blog readers.






The Heartbleed SSL vulnerability is making headlines around the world – and misreporting in the press and online is causing confusion. How can you stay safe and ensue your personal details aren’t leaked?



What Is Heartbleed? Well, It’s Not A Virus

You’ve probably heard Heartbleed described as a virus. This isn’t the case: in fact, it is a weakness, a vulnerability in servers running OpenSSL. This is the open source implementation of SSL and TLS, the protocols used for secure connections – those that begin https:// rather than the usual http://.



This vulnerability – more commonly referred to as a bug – essentially creates a hole through which hackers can circumvent the encryption. Confirmed on April 7th 2014, it occurs in all versions of OpenSSL except 1.0.1g. The threat is limited to sites running OpenSSL – other SSL and TLS libraries are available, but OpenSSL is employed widely on servers around the web. A fix for the problem exists, but this may not have been applied to the websites you regularly visit for secure activities. These might be online shopping, gambling and other adult themed websites or even social networking.


With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.






Request Free!

2 comments:

  1. It is interesting that hobby and loser code ended up running half the internet. That is how much people don't want to pay for software. Some bozo in a trailer eating cans of beans managed to get his code on half the severs in the world. If someone made it up you wouldn't believe it. I think the principle of paying for code should be reestablished.

    ReplyDelete
    Replies
    1. That's a very interesting perspective Sean. Do you think this could have been avoided if organizations who use OpenSSL actively contributed back to its development?

      Delete