You've probably heard about the Heartbleed bug by now as there has been a lot of hype around it for a couple of weeks. In this post and video, we break it down and show you what you need to know, and help you understand how to protect against this nasty hacker's exploit.
Also known as CVE-2014-0160, Heartbleed is a serious security vulnerability in OpenSSL cryptography libraries that are widely used across the internet. This bug has been used to exploit a countless number of servers worldwide and ultimately leak valuable information such as usernames, passwords, X509 SSL certificates, instant messages, emails and other business critical documents.
Data security is essential for every business, and especially those with sensitive operations. Matt Haedo, Implementation Specialist at Miles Technologies, warns that businesses should take all necessary measures to protect against Heartbleed as soon as possible by installing patched software updates.
A popular misconception is that Heartbleed is a virus, and this is actually not the case. Rather, it is a programming error in the OpenSSL library. The bug exploits the 'heartbeat' feature in OpenSSL, returning a server message with compromised data attached.
Matt Haedo explains more about the exploit in this video, as well as how to check if your website is potentially vulnerable. By using a test server, penetration testing tool and vulnerable version of an Open VPN access server, he gives a visual demonstration of the bug in action and exposes how easy it is to access data.