What is Heartbleed?
Heartbleed is a serious vulnerability discovered in OpenSSL (a
cryptographic software library used by most devices to implement SSL and
TLS).
What does it do?
The Heartbleed bug exposes up to 64k of memory of the server it
is running on, allowing an attacker to read the memory of the system. This enables anyone on the Internet to find
things like private keys, passwords, bank account information, etc.
Where did it come from?
Heartbleed was introduced by a new feature added to TLS
called the Heartbeat Extension, which adds the capability to keep TLS
connections alive without continuous data transfer.
What servers does this affect?
Mostly Apache servers, or any other devices that use OpenSSL
library versions 1.0.1 and 1.0.2-beta.
Does it affect Windows Servers?
It does not affect Microsoft’s IIS (Internet Information
Services) or Exchange Server. It would
affect Apache on Windows using OpenSSL.
How do I know if a server is affected?
Test it! http://filippo.io/Heartbleed/
If I have an affected server, what do I do about it?
Patch it: version 1.0.1g resolves the issue. You should also re-key your SSL certificate.