Announcements 9 Apr 2014
The internet is abuzz with news of OpenSSL's serious Heartbleed vulnerability, discovered 2 days ago. This vulnerability allows an attacker to steal information normally protected by SSL. This information may include usernames, passwords, emails, chats, voice and video communications, banking transactions and so on.
The vulnerability exists in the heartbeat extension of OpenSSL (RFC 6520) and allows an attacker to leak memory in chunks of up to 64k. This does not imply that the leaked data is limited to 64k, though, as the attacker can abuse the vulnerability repeatedly to leak additional data until they collect the information they are looking for.
While most news coverage so far gives the impression that the only services affected are web applications, the fact is that any software which uses a vulnerable OpenSSL is a potential attack target. This includes routers, switches, computer-to-computer SSL communication, and even desktop/mobile applications which use vulnerable OpenSSL libraries.
The affected OpenSSL versions are:
This is a major vulnerability in that it leaves no trace on compromised systems. It is also difficult to recover from, as recovery involves the following steps, and even then there is no way to secure information that has already leaked.
We urge everyone to follow the above steps immediately to restore SSL trust in your systems.
iKNOX has already helped to secure all systems of its clients. If you need external help, feel free to reach out to us.