Web Niraj
  • Facebook
  • Flickr
  • Github
  • Google+
  • Linkedin
  • Twitter
  • YouTube
Online portfolio, code examples and developer blog
  • Home
  • About Me
  • Contact Me
  • Portfolio
  • WordPress
Search the site...
  • Home
  • Blog
  • Are You Vulnerable to the Heartbleed Bug?

Are You Vulnerable to the Heartbleed Bug?

1

If you have a website or work with websites secured with OpenSSL, the heartbleed bug is something that will affect you. Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol. While a fix for the bug was released on April 7, 2014, websites will be vulnerable until the servers have been patched.

Understanding the Heartbleed Bug:

xkcd explains the heartbleed bug in a easy-to-understand comic:

heartbleed-explained

Are you affected?

The best way to see if your website, or a site you use, is affected is by testing it for the Heartbleed bug. The tool, built by Filippo Valsorda, replicates the process in the comic above to obtain information from the server’s memory, often revealing information like passwords, credit card information and more.

How to Patch It

If you are using shared hosting space, it’s likely that your site has been patched already. If your site is showing up as VULNERABLE on the test site, you should contact your provider immediately to get the issue resolved. If you are a sysadmin, you can patch the system yourself using your repo management tool:

Redhat / CentOS: yum update
Ubuntu: apt-get update

If you are unsure on how to patch your server, contact your provider or check their support site.

Once the patch has been installed, either reboot your system or restart any services that use OpenSSL, including Apache, MySQL, Email daemons, FTP servers etc.

Security, Server, SSL

One comment on “Are You Vulnerable to the Heartbleed Bug?”

  1. 3 Tools to Help Secure Your Server or Website | Web Niraj says:
    August 14, 2019 at 12:20 PM

    […] Qualys’ SSL Test is similar to ImmuniWeb’s one above. In addition to check various configuration issues, this report also tells you which browsers or devices your website may not work with. It also check is your server is vulnerable to various critical vulnerabilities like POODLE, and Heartbleed. […]

    Reply

Leave a Reply to 3 Tools to Help Secure Your Server or Website | Web Niraj Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Support me via Patreon

Become a Patron!

StackExchange / StackOverflow

profile for Niraj Shah on Stack Exchange, a network of free, community-driven Q&A sites

Tags

Amazon Web Services Android Android 4.4 KitKat Android 5.0 Lollipop Apache API Application Backup Bug Command Line Cordova Example Facebook Facebook Graph API Facebook PHP SDK 4.0 Facebook Social Plugins Fan Page Flash Geolocation Google Nexus 5 Google Nexus One Hacking HTML5 Image Manipulation iOS iPhone JavaScript jQuery Laravel 5 Linux NodeJS Parse PDF PHP Plugin Portfolio Security Server SSH SSL Sysadmin Tutorial Wonga.com WordPress WordPress Plugins
© 2011-2019 Niraj Shah
  • Privacy Policy
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy Policy