Caution Advised as Heartbleed Poses Serious Security Threat
A potentially harmful flaw has been found in the OpenSSL library, and reactions are likely to range from mild concern to serious discussion in the security industry. Bitdefender advises its customers to exercise caution, although at this point it is not possible to measure the extent of the damage, or indeed whether any damage was caused.
The Heartbleed bug could give anyone who knew about it unfettered access to protected websites across the internet that use certain versions of OpenSSL, which is used for SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. This means that an attacker could enter a secure website, steal information and leave without a trace.
The SSL and TLS protocols are used to secure web applications, email, some VPNs, messaging services and more. This means thieves could have made off with private messages, encryption keys, passwords, confidential files and anything else that users believed was protected.
It’s quite difficult to estimate how many individuals or websites have been compromised by Heartbleed, but OpenSSL is the default encryption library of the Apache and Nginx server software, which is used by 66 percent of websites worldwide, according to the Netcraft April 2014 Web Server Research.
That doesn’t automatically put them all at risk. The bug is found in versions released since December 2011. OpenSSL advises in a note that “1.0.1 and 1.0.2-beta releases of OpenSSL are affected such as 1.0.1f and 1.0.2-beta1. Affected users should upgrade to OpenSSL 1.0.1g.”
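A version check built from the OpenSSL note quoted above, as an added example that is not Bitdefender's or OpenSSL's own code; the function names, verdict labels and sample inventory are assumptions made here. A distribution package can carry a backported fix under an unchanged version string, so an "affected" verdict means the package changelog still has to be checked.

```python
import re

# Version token as printed by `openssl version`, e.g. "OpenSSL 1.0.1f 6 Jan 2014".
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]?)((?:-[a-z0-9]+)*)", re.I)


def classify(banner):
    """Return 'affected', 'not_affected', 'not_listed' or 'unparsed'."""
    m = VERSION_RE.search(banner)
    if not m:
        return "unparsed"
    base = tuple(int(x) for x in m.group(1, 2, 3))
    letter = m.group(4).lower()
    tags = m.group(5).lower().split("-")[1:]  # e.g. ["beta1"] or ["fips"]

    if base < (1, 0, 1):
        return "not_affected"  # branches older than the range named in the note
    if base == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g is the fix.
        return "affected" if letter < "g" else "not_affected"
    if base == (1, 0, 2) and "beta1" in tags:
        return "affected"
    return "not_listed"  # newer than anything the quoted note covers


def triage(inventory):
    """Map host -> verdict, keeping only hosts that need follow-up."""
    verdicts = {host: classify(banner) for host, banner in inventory.items()}
    return {h: v for h, v in verdicts.items() if v != "not_affected"}


# Constructed sample inventory: hostnames and banners are illustrative only.
SAMPLE = {
    "web-01": "OpenSSL 1.0.1f 6 Jan 2014",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "vpn-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "lab-01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "app-01": "version string missing",
}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE).items()):
        print(f"{host}: {verdict}")
```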
Bitdefender has taken the necessary steps, and as a matter of security best practice we advise the following:
Bitdefender Security Specialists