Thursday, April 10, 2014

Heartbleed Bug: Unofficial information

Here are links to what has been reported on the Heartbleed Bug:
  1. The Heartbleed Bug
  2. Does the Heartbleed Bug Mean You Should Stay Off the Internet?
    • Could temporarily staying away from the Internet until things settle down be a protective approach?
  3. The Heartbleed Hit List: The Passwords You Need to Change Right Now
    • Could changing passwords be a protective approach?
      • Here is what experts say: Do NOT change your password on any website until you know it is safe from Heartbleed.
  4. Heartbleed Bug a Catastrophic Hole in Web Security; Webusers Told to Change All Passwords
  5. Vulnerable web sites
  6. Heartbleed Test Tools
  7. Great Chaos in the Online World (网络世界大混乱, in Chinese)
    • Could removing saved cookies be a protective approach?
  8. OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)
    • Older versions are not vulnerable
  9. ‘Heartbleed’ Vulnerability Opens the Door to SSL Heartbeat Exploits
    • One of the factors that makes this such a critical vulnerability is there are no files to detect. It’s completely network borne, and leaves no trace that a system has been attacked.
  10. OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
  11. The Heartbleed Hack: Winners and Losers
    • The Heartbleed bug was unknown for two years before researchers discovered it two weeks ago. Companies (and if they can be believed, the government) had no idea whether or how they might have been attacked.
    • The Heartbleed vulnerability affects hardware as well as software. Equipment needs to be patched or replaced before it can be "safe."
If any web servers or their front-ends use OpenSSL, they are vulnerable to the attack. As far as I have heard, the following products do not include OpenSSL:
However, customers using Apache could be vulnerable.

Finally, you can learn more about the Heartbleed vulnerability from the Oracle public blog (see also here).


1 comment:

  1. Using Kaspersky protection for a couple of years, I would recommend this anti-virus to all of you.
