OpenSSL Has A Critical Security Vulnerability

by Brad Merrill, April 8, 2014

The OpenSSL project has just disclosed a major security flaw in the protocol that could expose the cryptographic keys and private communications from some of the most important services on the Internet. If you’re running a server with OpenSSL 1.0.1 through 1.0.1f, it’s critical that you update to OpenSSL 1.0.1g as soon as possible.

Installations of OpenSSL prior to version 1.0.1 are unaffected by the bug, but OpenSSL 1.0.2-beta users will need to address it. explains the issue in depth. It’s related to the “heartbeat” section of OpenSSL’s Transport Layer Security (TLS) protocols and has been in the wild since March 2012. This is even more dangerous than Apple’s recent SSL bug, which opened the door for man-in-the-middle attacks, because the Heartbleed bug affects past traffic, reveals encryption keys that could lead to other compromises, and may affect as many as 66% of websites.

The bug was independently discovered by security firm Codenomicon and a Google Security engineer.
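
The version ranges given above (1.0.1 through 1.0.1f vulnerable, 1.0.1g fixed, releases before 1.0.1 unaffected, 1.0.2-beta affected) can be checked against `openssl version` banners collected from a fleet. The following Python is an added example, not code from the OpenSSL project or from this article; the host names, banners and status labels are constructed, and because the article names no fixed 1.0.2 beta build, every 1.0.2-beta banner is flagged.

```python
import re

# Upstream version: major.minor.fix, optional patch letter(s), optional -betaN tag.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(-beta\d*)?")


def classify(banner):
    """Map an `openssl version` banner onto the ranges stated in the article."""
    m = _VERSION.search(banner)
    if m is None:
        return "unparsed"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release < (1, 0, 1):
        return "unaffected"            # prior to 1.0.1
    if release == (1, 0, 1) and not beta:
        # Patch letters sort by length first so that "za" ranks after "z".
        if (len(letter), letter) <= (1, "f"):
            return "vulnerable"        # 1.0.1 through 1.0.1f
        return "fixed"                 # 1.0.1g and later letters
    if release == (1, 0, 2) and beta:
        return "beta_affected"         # article names no fixed beta build
    return "not_covered"               # outside the ranges the article gives


def needs_action(inventory):
    """Return sorted hosts whose banner is vulnerable, beta_affected or unparsed."""
    flagged = {"vulnerable", "beta_affected", "unparsed"}
    return sorted(h for h, b in inventory.items() if classify(b) in flagged)


# Constructed sample inventory (host names and banners are made up for illustration).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "vpn-01": "OpenSSL 1.0.1 14 Mar 2012",
    "old-01": "sh: openssl: command not found",
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(f"{host:8} {classify(banner):14} {banner}")
    print("needs action:", ", ".join(needs_action(SAMPLE_INVENTORY)))
```

A version banner is only a first pass: distribution packages often backport fixes without changing the upstream version string, so confirm flagged hosts against the vendor's advisory.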

About The Author
Brad Merrill
Brad Merrill is the founder and former editor of VentureBreak.