Monday, May 05, 2014

Take care of HeartBleed bug, stop the flow

Heartbleed bug works on the vulnerabilities (missing bounds check in handling of the TLS heartbeat extension) in the popular OpenSSL crysptographic library. When the server is infected it can steal typically 64 chunks of information from HTTPS sites. SSL/TSL encryption data secures the information between you and your server for whatever application, be it be web, email, instant messaging and VPNs. Once stolen it can impersonate users to do further damage.

There has been a fix. Affected servers should upgrade their servers to 1.0.1g version. Most of them are trying to implement the fix and some seems to have already done it.

Testing in Filippo's online test site (next link in the post) the following institutions seems to have fixed the issue. You may feel safer if you are using these services. However double check with your institution.

Bank Of America
Bank Of Hawaii
Bethpage Federal Credit Union
T D Ameritrade

For example PNC Bank at the time of this post does not give a 'clear' signal and other forces may be at work. Check it out on the FAQ page for Filippo's site here.


No comments: Protection Status