Skip to content
Azilen / Product Engineering / Have You Secured Your Web Server From HeartBleed?
Product Engineering
by Team Azilen
April 14, 2014

Have You Secured Your Web Server From HeartBleed?

Featured Image

Overview

HeartBleed is a biggest security threat on the web. Since December, 2011 it’s on the web, this bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team.Overview

HeartBleed is a biggest security threat on the web. Since December, 2011 it’s on the web, this bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team.

As per the official website,

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

This bug allows anybody on the web to read anybody’s system memory, although it’s protected by the vulnerable versions of the OpenSSL.

Who is Affected From This Bug?

You may be directly or indirectly affected by this bug. Any popular social website, any installed software, ecommerce website, government websites, company website that might be using vulnerable OpesSSL may affected by this bug. Any webserver which is using an insecure version of OpenSSL is affected, like Web services (HTTPS), Mail Services, OpenSSL, VOIP, and SSL based VPNs, etc.

If you are using these services for your business then first checks that your website is affected by this bug or not, if yes then change the password for all your accounts. Also, you can manually check your website with the help of this online tool at http://filippo.io/Heartbleed/.

Below OpenSSL versions are vulnerable:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • 1.0.2-beta & 1.0.2-beta1 are vulnerable

If you are using a web server which is running on OpenSSL, you must test your vulnerabilities using different utilities.

Many Operating Systems that have delivered with possibly insecure OpenSSL version, which are:

  • Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
  • Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
  • CentOS 6.5, OpenSSL 1.0.1e-15
  • Fedora 18, OpenSSL 1.0.1e-4
  • OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
  • FreeBSD 10.0 – OpenSSL 1.0.1e 11 Feb 2013
  • NetBSD 5.0.2 (OpenSSL 1.0.1e)
  • OpenSUSE 12.2 (OpenSSL 1.0.1c)

Operating system distribution with versions those are not vulnerable:

  • Debian Squeeze (oldstable), OpenSSL 0.9.8o-4squeeze14
  • SUSE Linux Enterprise Server
  • FreeBSD 8.4 – OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 9.2 – OpenSSL 0.9.8y 5 Feb 2013
  • FreeBSD 10.0p1 – OpenSSL 1.0.1g (At 8 Apr 18:27:46 2014 UTC)
  • FreeBSD Ports – OpenSSL 1.0.1g (At 7 Apr 21:46:40 2014 UTC)

What about Mac and iOS Users?

As per AskDifferent,

“No versions of OS X are affected (nor is iOS affected). Only installing a third party app or modification would result in a Mac or OS X program having that vulnerability / bug in OpenSSL version 1.0.x

Apple deprecated OpenSSL on OS X in December of 2012 if not earlier. No version of OpenSSL that is vulnerable to the Heartbleed Bug”

So iOS and Mac uses don’t have to worry about the HeartBleed bug, as apple is not using OpenSSL in iOS.

–> Check our software product development services

Solutions to Prevent

  • Upgrade your OpenSSL 1.0.1g.
  • Recreate your secret keys
  • Ask your users to change the password for their accounts
  • Disable Heartbeat from your Present Installed SSL
  • Upgrade your OpenSSL on Ubuntu 13.10, Ubuntu 12.10 and Ubuntu 12.04 LTS.

To update your system on Ubuntu, please follow these instructions at, https://wiki.ubuntu.com/Security/Upgrades.

“Hope this helps you to fix the HeartBleed Bug”

Table of Content
Contact Us

Blog inner page

"*" indicates required fields

NAME*
This field is for validation purposes and should be left unchanged.

Related Insights

Mobile App Testing
Product Engineering
6 mins
Mobile App Testing – Secret to Successful App Functionality and User Experience
Aug 24, 2014
Read More
IBM Bluemix
Product Engineering
3 mins
A Step by Step Guide to Develop Temperature Sensor IoT Application Using IBM Bluemix
Jul 19, 2017
Read More
Top 7 Emerging Trends of Enterprise Mobility
Product Engineering
5 mins
Top 7 Emerging Trends of Enterprise Mobility
Dec 04, 2013
Read More
How to not over engineer software product
Product Engineering
10 mins
Software Product Development: How to Not Over Engineer it? (Lessons From 90s Worst Swissair Flight 111 Crash)
Dec 15, 2023
Read More
Easy and Useful Web Development Tools For Developers
Product Engineering
3 mins
Easy and Useful Web Development Tools For Developers
May 16, 2014
Read More

Let's Connect for Successful Product Journey

We're committed to providing quick and reliable solutions to your challenges.
Your full name(Required)
Accepted file types: txt, jpg, png, pdf, docx, xlsx, Max. file size: 100 MB.

California, USA

5432 Geary Blvd, Unit #527 San Francisco, CA 94121 United States

+1(989) 287-9400

14080 Jedediah Court, Grass Valley, CA 95945 United States

Canada

6d-7398 Yonge St,1318 Thornhill, Ontario, Canada, L4J8J2

+1(989) 287-9400

Germany

Hohrainstrasse 16, 79787 Lauchringen, Germany

Switzerland

Place Grand Saint Jean 1, 1003 Lausanne, Switzerland

+41 44 586 2272

Sweden

Karlavägen 18, 114 31 Stockholm, Sweden

+46 70 239 98 19

South Africa

5th floor, Bloukrans Building, Lynnwood Road, Pretoria, Gauteng, 0081, South Africa

India

12th & 13th Floor, B Square-1, Bopal – Ambli Road, Ahmedabad – 380054

+91 02717 400928

B/305A, 3rd Floor, Kanakia Wallstreet, Andheri (East), Mumbai, India