The concerns of security experts and technical professionals around the globe have recently been raised as a serious exploit known as the Heartbleed Bug has raised it’s ugly head in the “OpenSSL cryptographic library” which, according to articles published by The Epoch Times and Before Its News, “could essentially allow attackers to gain access to highly sensitive information.” This “major flaw in the security of the World Wide Web” – discovered by a team of security engineers at both Codenomicon and Google Security – has many security professionals feeling “panicked.” Heart Bleed has been simply explained as a bug that “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software“, according to reports.
The Heartbleed Bug proves itself to have created a “massive vulnerability” since OpenSSL – the widely used open-source software package which encrypts Web communications – has been left open to allow invaders to “steal the information that is normally protected by SSL/TLS encryption“, according to these reports. Logically, this bug affects “a lot of Internet users” since “Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs)” can be opened to attack, according to reports. Experts confirm, according to these reports, that this vulnerability may also compromise “passwords, private communications and even credit card information” on a large scale making stealing private data even easier for cyber criminals.
Published statements from the research teams currently evaluating this bug were quoted in one article to say, “We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, e-mails and business critical documents and communication.” According to researchers and the security experts now addressing the situation, “the Internet will remain vulnerable as long as the flawed version of OpenSSL is in use. Fixed OpenSSL has been released, it must be deployed.” Additionally, to warn and educate users globally, numerous security agencies have posted statements quoted in these reports that say the following:
“Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users,” the post says. “Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.”
PLEASE NOTE: The Hostwinds team has been working diligently to address this issue. We are pleased to communicate to our family of clients that our shared servers are patched, and that all Hostwinds clients are protected.
HeartBleed.com is a website made available to explaining this Heart Bleed bug in detail, educate the masses and answer a number of questions people may have concerning this serious situation.
Read more details about the The Heartbleed Bug in the full articles at The Epoch Times, Before Its News, HeartBleed.com and Threat Post and learn more about what is being done regarding this vulnerability.