Skip to main content

OpenSSL - HeartBleed Vulnerability

Since HeartBleed vulnerability has been announced on April 7, almost all projects have rush to check how much their system is affected by it. Since it is a major vulnerability for OpenSSL, more or less some fallacies in each project exist.  This means that systems and data of their big amount of customers are in danger. That is why all users are waiting for a patch or a new release to avoid any attack related to this bug.

What is this vulnerability? What does it cause?
It is named as HeartBleed (CVE-2014-0160). It enables an attacker to steal keys used for communication establishment, passwords and process memory. Because it is hard to detect, SaaS providers and more couldn't ensure customers that such attack has not happened so far.

What is recommended to protect your data?
  • Check for updates of projects, if they are using openssl library. Update them immediately or apply patches. 
  • Upgrade openssl library in your servers to latest version.
  • Change your passwords.
  • Regenerate your key pairs and update your public key on servers.
Even though it is claimed that ssh is not affected by this vulnerability, it may be a good choice to update keys.

Check your servers to see if they are vulnerable with this code.

Companies immediately have dug into work for updates or patch. Here is blog posts of 2 popular sites:
Labels:
Location: Türkiye

Comments

Post a Comment

Popular posts from this blog

Integration of MuPDF Project as a Library into an Android Studio Project

I have needed to use MuPDF library in my android project. After some research, I have seen that there are many integration tutorials but, but integrated projects are developed on Eclipse. For projects on AndroidStudio+Gradle, there is no example. I mean there is no specific example which exactly refers to this issue. So, after achieving my goal, I want to share the steps publicly so that it can be reused by others.
27 comments
Read more

Migration from Proxmox to Openstack

I needed to migrate virtual machines in proxmox to openstack. VMs are in raw format. I needed to take some actions for a succesfull migration. I have perform all actions on Ubuntu 12.04 with virt-manager. qemu-kvm is installed. Here is the list of actions that I took: First, close the machine and copy the image file into your Ubuntu. Convert raw image to qcow2 format: qemu-img convert -O qcow2 image1.raw image1.qcow2 You need the image in qcow2 format for compatibility with openstack platform.  Open the converted image in virt-manager. Before opening, edit disk options. Under ' advanced options ' section, select ' qcow2 ' as ' storage forma t '. Start the virtual machine. You should see the login screen soon. (If you don't set storage format, vm will not find a bootable device. )   If everything is ok so far, close the vm. Take qcow2 image and upload it into glance. It may take time depending on size of it. After this process is completed, open a...
Post a Comment
Read more

How to avoid API-level warning of Android Studio

Before giving the solution, let's start with a scenario. setSelectionFromTop() is a new method in Android Lollipop API. This method is basically beneficial to precisely keep scroll state of a ListView. By keeping that info, a developer can go back to old scroll state after doing some operation like data set change. You are aware of API level and you do your control before you call this function: if (currentapiVersion >= Build.VERSION_CODES.LOLLIPOP) { srlistview.setSelectionFromTop(index, top); } But if project minSdk is set to a lower level (in this case it is 15), this warning will still be displayed in Android Studio:
3 comments
Read more