OpenSSL Heartbleed Bug

Published on 10 Apr 2014

by GOsafeonline

OpenSSL is an open-sourced tool kit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt network transmission, thereby providing communication security and privacy over the Internet for applications such as web, email and messaging. The Heartbleed bug is an OpenSSL vulnerability which can be exploited to allow information to be stolen from the encrypted network transmissions. Some examples of information that could be stolen include secret keys for the X.509 certificates, usernames and passwords. This affects many websites in the World Wide Web.

The Internet Service Providers (ISPs) have been informed of the bug and will take the necessary remedial actions and spread the word through their own channels. You are advised to heed the instruction of your ISPs if contacted to take precautionary or remediation actions. 

The following are the OpenSSL versions that are affected:

  • All versions of OpenSSL 1.0.1 prior to 1.0.1g
  • All versions of OpenSSL 1.0.2-beta prior to  1.0.2-beta2

If your website is currently using the affected OpenSSL versions, we advise that you upgrade them immediately. If your organisation’s network uses the Intrusion Detection System (IDS) or Intrusion Protection System (IPS), you should also check on the availability of signatures to detect or block such attacks.

For more information on the OpenSSL Heartbleed Bug, please visit the following websites: