
OpenSSL - HeartBleed Vulnerability

Since the HeartBleed vulnerability was announced on April 7, almost all projects have rushed to check how much their systems are affected by it. Since it is a major vulnerability in OpenSSL, more or less every project is exposed to some degree. This means that the systems and data of a large number of their customers are in danger. That is why all users are waiting for a patch or a new release to avoid any attack related to this bug.

What is this vulnerability? What does it cause?
It is named HeartBleed (CVE-2014-0160). It enables an attacker to steal the keys used to establish communication, passwords and process memory. Because it is hard to detect, SaaS providers and others could not assure customers that such an attack had not already happened.

What is recommended to protect your data?
  • Check for updates to projects that use the openssl library. Update them immediately or apply patches.
  • Upgrade the openssl library on your servers to the latest version.
  • Change your passwords.
  • Regenerate your key pairs and update your public key on servers.
Even though it is claimed that SSH is not affected by this vulnerability, it may be a good choice to update keys.

Check your servers to see if they are vulnerable with this code.
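
A local, version-based triage to go with the upgrade step above, as an added example that is not part of the original post and not the checker it refers to. The function name, status words and sample banner are constructed for illustration; the affected range (1.0.1 through 1.0.1f and the 1.0.2 betas before beta2) comes from the upstream OpenSSL advisory.

```shell
#!/bin/sh
# Added example: triage the output of `openssl version -a` for CVE-2014-0160.
# Upstream releases 1.0.1 through 1.0.1f and the 1.0.2 betas before beta2
# contain the bug; 1.0.1g is fixed; the 0.9.8 and 1.0.0 branches are not affected.

# heartbleed_triage BANNER  ->  prints exactly one status word
heartbleed_triage() {
    banner=$1
    # The first line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    version=$(printf '%s\n' "$banner" | awk '$1 == "OpenSSL" { print $2; exit }')
    [ -n "$version" ] || { echo unknown; return; }

    # A build compiled with -DOPENSSL_NO_HEARTBEATS has the heartbeat
    # extension removed; the flag shows up on the "compiler:" line when
    # it was passed at configure time.
    case $banner in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled; return ;;
    esac

    case $version in
        1.0.1|1.0.1[a-f]|1.0.1-*|1.0.1[a-f]-*|1.0.2-beta|1.0.2-beta1)
            # Distributions backport the fix without changing this string,
            # so confirm against the package changelog before concluding.
            echo affected-range ;;
        *)
            echo outside-affected-range ;;
    esac
}

# Constructed sample banner, so the script shows a result on any machine.
sample='OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Feb 11 12:00:00 UTC 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'
echo "sample: $(heartbleed_triage "$sample")"

# Then the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    echo "local:  $(heartbleed_triage "$(openssl version -a 2>/dev/null)")"
fi
```

An `affected-range` result is a prompt to check the installed package's changelog for the CVE-2014-0160 fix, since a patched distribution build can still report a version such as 1.0.1e. Services must be restarted after the upgrade so they load the fixed library.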

Companies immediately got to work on updates or patches. Here are blog posts from 2 popular sites:
