HeartBleed

Heartbleed Attack

As you may know, the #Heartbleed Bug, a vulnerability recently uncovered in the OpenSSL library, was announced last Monday is the cynosure of IT news these days.

What is Heartbleed bug?

During an SSL-encrypted connection, a connected computer could have accessed to up to 64K of unencrypted information, and that may have included private information, such as passwords. This bug was recently discovered, but has existed since 2011.

What should you do?

Many server management companies are claiming that they took the steps required to fix the vulnerability across their global network, however the Heartbleed attack does not usually leave telltale signs.

In the interest of security, you should:

1. Change your passwords. Change your passwords for any sites with personal/private information or access to critical services, especially those you’ve accessed recently.

2. Regenerate your private key. Recreate the .CSR and .CRT certificate files on any site that uses SSL. Then upload them and revoke your old certificate. This will protect you if a malicious attacker retrieves the private key.

Get in touch with your server team in case of any confusion and feel free to provide your inputs..!!

Meet the guy who accidentally created #Heartbleed 

http://www.latimes.com/business/technology/la-fi-tn-meet-the-german-engineer-who-accidentally-created-the-heartbleed-bug-20140410,0,2676251.story#axzz2z1lUVwSn