With the Heartbleed bug, attackers can retrieve private keys and decrypt the server's encrypted traffic or even impersonate the server: facts and solutions.



The notable security company Netcraft has drawn our attention to the serious vulnerability in the OpenSSL cryptographic library. According to Netcraft, nearly 17% of SSL web servers which use certificates issued by trusted certificate authorities are affected.
The Heartbleed bug can allow remote attackers to view up to 64 kilobytes of memory on an affected server. This could also allow attackers to retrieve private keys, and decrypt the server's encrypted traffic or even impersonate the server.
Heartbleed.com announces that Apache and nginx are the most notable software using OpenSSL. A small percentage of Microsoft web servers and FreeBSD also appear to support the TLS heartbeat extension.

OpenSSL's security advisory states that only versions 1.0.1 and 1.0.2-beta are affected, including 1.0.1f and 1.0.2-beta1. The vulnerability has been fixed in OpenSSL 1.0.1g, and users who are unable to upgrade immediately can disable heartbeat support by recompiling OpenSSL with the -DOPENSSL_NO_HEARTBEATS flag.
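
As an added example (not from the advisory or the original post), this shell function classifies `openssl version -a` output against the affected versions listed above and detects a build made with -DOPENSSL_NO_HEARTBEATS. The function name `classify_openssl` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the output of `openssl version -a` against the
# advisory quoted above. The verdict is printed on stdout:
#   VULNERABLE    affected release, heartbeats compiled in
#   MITIGATED     affected release built with -DOPENSSL_NO_HEARTBEATS
#   NOT_AFFECTED  any other release (for example 1.0.1g)
#   UNKNOWN       input is not `openssl version` output
# Caveat: distribution packages can backport the fix without changing the
# upstream version letter, so confirm a VULNERABLE verdict in the changelog.
classify_openssl() {
    info=$(cat)
    # First line looks like "OpenSSL 1.0.1f 6 Jan 2014"; field 2 is the version.
    ver=$(printf '%s\n' "$info" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    if [ -z "$ver" ]; then echo UNKNOWN; return 0; fi
    ver=${ver%-fips}    # FIPS builds report e.g. "1.0.1e-fips"
    case "$ver" in
        1.0.1|1.0.1[abcdef]|1.0.2-beta|1.0.2-beta1) ;;   # affected releases
        *) echo NOT_AFFECTED; return 0 ;;
    esac
    # The "compiler:" line lists the build flags, including any -D defines.
    if printf '%s\n' "$info" | grep -q -e '^compiler:.*-DOPENSSL_NO_HEARTBEATS'; then
        echo MITIGATED
    else
        echo VULNERABLE
    fi
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_VULN='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'
SAMPLE_MITIGATED='OpenSSL 1.0.1e-fips 11 Feb 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'

for s in "$SAMPLE_VULN" "$SAMPLE_MITIGATED" "$SAMPLE_FIXED"; do
    printf '%s\n' "$s" | classify_openssl
done
# On a real host: openssl version -a | classify_openssl
```

The check only covers the OpenSSL binary on the PATH; services that bundle or statically link their own copy of the library need to be checked separately.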
As a must-attend landmark for the end-to-end digital transformation, Connectikpeople.co recalls that certificates and keys at risk of compromise should be revoked and replaced, particularly if they are used to protect sensitive data.
Connectikpeople.co has captured popular sites which exhibit support for the TLS heartbeat extension, including: Twitter, GitHub, Yahoo, Tumblr, Steam, Dropbox, HypoVereinsbank, PostFinance, Regents Bank, Commonwealth Bank of Australia.
