SSL stands for Secure Sockets Layer, also known as Transport Layer Security (TLS). It is the basic means of encrypting information on the Web between the browser and the web server. Previously, proxy servers sitting between the browser and the web server could commonly read all the data. SSL prevents this by ensuring that the data between the browser and the web server is encrypted.

Many websites that handle transactions implement SSL, which is identified by HTTPS instead of HTTP in their URLs.

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

A vulnerability is a software flaw, logic design error, or implementation error that can lead to an unexpected and undesirable event that executes damaging instructions on the system.

The Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
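Why a memory read like this is possible, as an added example that is not code from this post or from OpenSSL: the bug sits in the TLS heartbeat extension (RFC 6520), where a peer echoes back a payload whose length the sender declares, and the vulnerable code trusted that declared length. The sketch below goes one step beyond the description above by showing the bounds check that closes the hole; the function names and both sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Constructed samples: type, 2-byte big-endian payload_length, payload, 16 padding bytes. */
static const uint8_t honest_rec[] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
                                      0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };
/* Length field claims 0x4000 bytes although only one payload byte was sent. */
static const uint8_t lying_rec[]  = { HB_REQUEST, 0x40, 0x00, 'A',
                                      0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0 };
static uint8_t demo_out[64];

/* Bytes beyond the received record that an echo trusting payload_length would read. */
size_t hb_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Bounds-checked echo: returns the response length, or 0 if the record is discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Compare the claimed length with what actually arrived before copying. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zeros for the demo; RFC 6520 asks for random padding */
    return resp_len;
}

int main(void)
{
    printf("honest: over-read %zu, response %zu bytes\n",
           hb_overread(honest_rec, sizeof honest_rec),
           hb_respond(honest_rec, sizeof honest_rec, demo_out, sizeof demo_out));
    printf("lying:  over-read %zu, response %zu bytes\n",
           hb_overread(lying_rec, sizeof lying_rec),
           hb_respond(lying_rec, sizeof lying_rec, demo_out, sizeof demo_out));
    return 0;
}
```

Without the length comparison in `hb_respond`, the copy for the second record would run thousands of bytes past the received data into whatever the process holds next to it in memory.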

If you haven’t used OpenSSL in your IT landscape, you can relax. If you have used OpenSSL and would like to know whether your servers are prone to this, you can test them using filippo.io/Heartbleed.

If your servers are prone to this vulnerability, apply the latest security patch from OpenSSL: www.openssl.org
