The heartbleed bug has been all over the news, what is it though? Simply put it’s a flaw in openSSL which is used on web servers but not all, there’s nothing an average user can do about it, you are left at the whim of the administrator for the site that you are using to correct this problem. However once this is done you’ll want to change your password as it could have been compromised due to the bug, this could be useless though if the site you are using is still compromised so try to ensure that they’ve fixed/patched the problem and then change it again. This is also a good measure to do from time to time along with using different passwords for different sites so that if one is compromised they all won’t be. As an administrator of a website that uses openSSL, a basic understanding of what’s happening is through an exploit hackers are able to retrieve information from the actual RAM on the machine, which will send the hacker dumps of your memory every so often, the issue here is that RAM will hold on to information even if it’s not using it until something overwrites it so hackers could get all kinds of useful information from it. Once you’ve updated your openSSL you’ll want to ensure safety by changing passwords and also re-keying your SSL certificate due to the fact that the hacker could have obtained your key. Fortunately for us at Mr.Tutor-Tech our system doesn’t use openSSL so we were not affected at all. If you fall into this boat though your server could be behind servers that are running it so ensure whoever you are hosting through has made the updates on their side as well. Here’s an article which basically enforces the idea of making sure you take the proper steps and also stressing the fact that you shouldn’t just rush into the update and think that all is well again, cover any and all bases if you were affected by it. Here’s also another great article in regards to a number of sites that were affected, if you use any of the sites that were remember to change your password on them.
[breadcrumb]