April 10th 2014
Hi there, I wanted to let you know about an exploit that was recently discovered in SSL certificates. For those that don’t know SSL certificates are used to encrypt traffic across the internet making things safe for security conscious and e-commerce websites. When you see the padlock or green bar in a web browser then you know you are on a secure website, well that used to be the case.... Read More
Just recently an exploit has been discovered in the implementation of OpenSSL (the software that deals with SSL on a large majority of servers) that has been there for the past 2 years!!! On top of that this hack is undetectable so this makes this quite a serious problem. In short Heartbleed as the exploit has been called allows nasty people to defeat the SSL protection and gather information from websites, this could be passwords or anything you give to a website. The bug was discovered independently by 2 teams one at Codenomicon and the other was a Google security team. The problem in the software was fixed pretty sharpish by the OpenSSL team but now it is up to website and server owners to upgrade their software to avoid using the vulnerable version.
Not every website that has SSL on it used OpenSSL so not all are affected and there are a couple of lists floating around the internet which show who is safe and secure and who is vulnerable (I have included some links for the curious at the bottom of this email).
For our own servers and website that we look after we have already upgraded everything so it is all fixed and there is nothing to worry about.
No Comments - Click here to leave a comment