
HeartBleed Bug - What is it all about and how it affects you

11 years 3 weeks ago #62 by o_SGCS Admin

I guess by now most of us are aware of this <strong>Heartbleed Bug</strong>, which is a major vulnerability that put many users' confidential information (e.g. username, password) at risk. If you are thinking of changing your passwords instantly, you may hold on to that, because unless the server has been patched it's useless. You may want to ask the service provider whether the server(s) have been patched and are not vulnerable to the Heartbleed bug.

<strong>Discovery of the Heartbleed bug</strong>
The Heartbleed bug was discovered independently by security company Codenomicon and Google Security. The name "Heartbleed" and the logo were created by Codenomicon.

<strong>Impact of Heartbleed bug</strong>
It's estimated that a very large share of internet users will be affected, as there are just too many servers using OpenSSL around the world. The affected versions of OpenSSL allocate a memory buffer for the message to be returned based on the length field in the requesting message, without regard to the actual size of that message's payload. Because of this failure to do proper bounds checking, the message returned consists of the payload, possibly followed by whatever else happened to be in the allocated memory buffer.

Heartbleed is therefore exploited by sending a malformed heartbeat request with a small payload and a large length field to the vulnerable party (usually a server) in order to elicit the victim's response, permitting attackers to read up to 64 kilobytes of the victim's memory that was likely to have been used previously by OpenSSL.

<strong>Heartbleed bug vulnerability check</strong>
There are several tools which are believed to check for the Heartbleed bug vulnerability, but it's recommended to check directly with the service provider whether it's patched.

<a href="filippo.io/Heartbleed/">filippo.io/Heartbleed/</a>
<a href="appcheck.codenomicon.com/">appcheck.codenomicon.com/</a>
<a href="www.tripwire.com/securescan/?home-banner/">www.tripwire.com/securescan/?home-banner/</a>

For more information on the Heartbleed bug, please visit Heartbleed.com, as there are some pretty useful write-ups on the bug and other information.


<strong>Reference links:</strong>
<a href="www.zdnet.com/how-to-protect-yourself-in...ershocks-7000028311/">www.zdnet.com/how-to-protect-yourself-in...ershocks-7000028311/</a>
<a href="heartbleed.com">heartbleed.com</a>
<a href="www.cnet.com/news/heartbleed-bug-undoes-...eals-user-passwords/">www.cnet.com/news/heartbleed-bug-undoes-...eals-user-passwords/</a>
<a href="www.thewire.com/technology/2014/04/the-h...ir-passwords/361454/">www.thewire.com/technology/2014/04/the-h...ir-passwords/361454/</a>
<a href="www.cnet.com/news/patching-heartbleed-a-...-web-security-wound/">www.cnet.com/news/patching-heartbleed-a-...-web-security-wound/</a>
<a href="www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/">www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/</a>
<a href="filippo.io/Heartbleed/">filippo.io/Heartbleed/</a>
<a href="en.wikipedia.org/wiki/Heartbleed">en.wikipedia.org/wiki/Heartbleed</a>

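The missing bounds check the post describes, as an added C illustration that is not code from the original post or from OpenSSL: a constructed in-memory heartbeat record, a handler that trusts the peer-supplied length field, and a handler with the kind of "does the declared payload fit in the record that arrived" check the OpenSSL fix introduced. The function names (heartbeat_vulnerable, heartbeat_fixed, demo_leak) and the sample data are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed heartbeat record layout (RFC 6520): type byte, 2-byte big-endian
 * payload length, payload, then at least 16 bytes of padding. */
#define HB_REQUEST 1
#define HB_PADDING 16

/* Vulnerable handler: trusts the peer-supplied length field and copies that many
 * bytes starting at the payload, no matter how long the record really was. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (payload > out_cap) return 0;     /* guards only the destination buffer */
    memcpy(out, rec + 3, payload);       /* over-reads past the end of the record */
    return payload;
}

/* Fixed handler: the declared payload plus padding must fit inside the record
 * that actually arrived; otherwise the request is silently discarded. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return 0;
    if (payload > out_cap) return 0;
    memcpy(out, rec + 3, payload);
    return payload;
}

/* Demo on a constructed buffer standing in for process memory: a 4-byte "ping"
 * heartbeat claiming a 40-byte payload, followed by data the peer must never see.
 * Returns 1 when the vulnerable handler echoes the neighbouring bytes, the fixed
 * handler discards the lying record, and the fixed handler accepts an honest one. */
int demo_leak(void) {
    uint8_t mem[64] = {0}, out[64] = {0};
    size_t rec_len = 1 + 2 + 4 + HB_PADDING;          /* honest size: 23 bytes */
    mem[0] = HB_REQUEST; mem[1] = 0; mem[2] = 40;      /* length field says 40 */
    memcpy(mem + 3, "ping", 4);
    memcpy(mem + rec_len, "SECRET:pw=hunter2", 17);    /* constructed neighbour */
    size_t n = heartbeat_vulnerable(mem, rec_len, out, sizeof out);
    int leaked = (n == 40) && memcmp(out + rec_len - 3, "SECRET", 6) == 0;
    int rejected = heartbeat_fixed(mem, rec_len, out, sizeof out) == 0;
    mem[2] = 4;                                         /* now tell the truth */
    int accepted = heartbeat_fixed(mem, rec_len, out, sizeof out) == 4
                   && memcmp(out, "ping", 4) == 0;
    return leaked && rejected && accepted;
}
```

The only difference between the two handlers is the single comparison against rec_len, which is why a server-side patch, not a password change, is what closes the hole.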
