If you haven’t heard of the Heartbleed bug in the past month or so, and you use computers – you seriously need to refresh your knowledge. The fundamental concept of “Open source is good because so many developers contributed to it” has been proved to be a myth as of the 7th of April 2014.

A major vulnerability in the OpenSSL crypto library has thrown open ‘private’ keys to hackers. It affects half a million of the internet’s web servers and possibly billions of internet users, and could affect transactions to the tune of billions of dollars – all for some FREE software??

It may have been a better choice to spend on some quality.

According to Wikipedia, an analysis on GitHub of the most visited websites on April 8, 2014 revealed vulnerabilities in many including Yahoo!, Imgur, Stack Overflow, Slate, and DuckDuckGo.[89][90][91] The following sites have services affected or made announcements recommending that users update passwords in response to the bug:

The Canadian federal government temporarily shut online services of the Canada Revenue Agency (CRA) and several government departments over Heartbleed bug security concerns.[116][117]

Platform maintainers like the Wikimedia Foundation advised their users to change passwords.[113]

The servers of LastPass were vulnerable,[118] but due to additional encryption and forward secrecy, potential attacks were not able to exploit this bug. However, LastPass recommended that its users change passwords for vulnerable websites.[119]

The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor’s multi-hop design minimizes the impact of exploiting a single relay.[15] 586 relays later found to be susceptible to the Heartbleed bug were taken off-line as a precautionary measure.[120][121][122][123]

About Chaitanya Dhareshwar

Chaitanya Dhareshwar, a Technocrat | CIO.

Member of various key technology and management organizations (IETF, ISOC, CSI) with 14 years of technology management & advisory experience has transformed companies from "stone age" to "space age". I build high-scale, self-sustaining, self-service platforms. Passionate about technology, innovation and creating killer opportunities that only great tech can bring. I've led teams from 5 - 150 people, and am hands-on with all forms of technology.
