Warning! Critical vulnerability in OpenSSL

Tuesday, 08 April 2014 01:11

Just yesterday, was made public a critical vulnerability in OpenSSL.

The vulnerability is related to the lack of adequate bounds checking in one of the procedures expansion Heartbeat (RFC6520) protocol TLS / DTLS. Due to the small mistakes anyone can gain access to the computer's memory, whose communication "protected" vulnerable version of OpenSSL. In particular, the attacker gains access to the private key, user name and password and all content to be transmitted in encrypted form. When this leaves no traces of penetration into the system.

Thus this vulnerability, even the most conservative estimates, at least one third of all the servers in the world.

Check whether your server is vulnerable, you can use online resources http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/

If the vulnerability is confirmed, it is necessary to immediately upgrade OpenSSL, and then restart the services that use it: apache, nginx, mail services, etc.

Our company has already completed the update on all the servers you are located in our service, as well as shared hosting servers.

Users are not being serviced by our company may also, if necessary, seek help from us for a fee.

Leave a comment

  • Payment
  • visa
  • mastercard
  • qiwi
  • webmoney
  • yandex money
  • sberbank
  • mts bank
  • zpayment
  • liqpay
  • alfabank white
Copyright © 2012 - 2020 WebPatron Ltd. All rights reserved.