The Heartbleed bug - a software vulnerability in the popular OpenSSL library - made a big splash on the Internet a couple of weeks ago. While dozens of security issues are discovered every day, Heartbleed was different in that it affected a core library used by almost all of the big web providers, including Google and Facebook.

The really bad news for users of these web services was that because of Heartbleed, their usernames and passwords had been exposed to attackers for nearly half a year. Even though the issue was fixed instantly, there was no way to tell if (and by whom) the issue had been exploited, and what accounts had been compromised.

The current status

At the beginning of April, a study by Netcraft showed that half a million widely trusted websites were vulnerable to the Heartbleed bug. We know that by now the issue has been fixed at all big web providers. However, it is hard to say how many of the other sites have already applied the fix. This means that both users and server administrators have to be aware of the threat.

As a follow-up, the following measures are recommended:
  • Users who haven’t changed their passwords / PIN codes yet should do so immediately, especially for critical web services such as online banking.
  • Web server admins should make sure that their servers are properly patched. A free scanning tool is available at:
  • Heartbleed also affects mobile devices. According to Google, devices running Android 4.1.1 are vulnerable to the attack. Users who own such a device should refrain from using it to access sensitive applications and should install updates as soon as they become available.
