Heartbleed Security Flaw

Another month and a another security problem. Hearbleed is  a security flaw on web servers not personal computers. It is linked to OpenSSL which is used on some secure web servers.

Johns Hopkins professor Matthew Green describes it as, “a tiny vulnerability — a simple missing bounds check — in the code that handles TLS ‘heartbeat’ messages. By abusing this mechanism, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space”

This memory slice can contain login information etc., the experts have no idea how many, if any, people have been affected by this bug. A fix is being rolled out to web servers.  End users can expect a message from the affected websites to change their passwords.

If you would like more information there is a good article here.

-Dave

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: