Heartbleed Bug

Is my website, email, phone system, or router I have through Virtual Impressions safe?

Yes. None of Virtual Impressions' servers, routers, phone systems, or email systems were vulnerable to the Heartbleed bug.

This webpage was developed to provide more information on the Heartbleed Bug. You can read it if you’re really interested, but you might want to pinch yourself occasionally to be sure you haven’t fallen asleep.

The key points from the article are:

What versions of OpenSSL are affected?

Status of different versions:

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
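As an added example (not part of the original article or of OpenSSL), the Python sketch below checks `openssl version` output or service banners against the version list above. The host names and banner strings are constructed sample data, and `heartbleed_status` and `triage` are hypothetical helper names.

```python
import re

# Upstream version token in `openssl version` output or a service banner,
# e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" -> branch "1.0.1", letter "e".
_VERSION = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]{0,2})(?![a-z])", re.I)


def heartbleed_status(banner):
    """Return "vulnerable", "not vulnerable" or "not listed" for one banner."""
    m = _VERSION.search(banner)
    if not m:
        return "not listed"
    branch, letter = m.group(1), m.group(2).lower()
    if branch in ("0.9.8", "1.0.0"):
        return "not vulnerable"
    if branch == "1.0.1":
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g has the fix,
        # and later letter releases of the branch keep it.
        return "vulnerable" if letter < "g" else "not vulnerable"
    return "not listed"  # branch not covered by the list above


def triage(inventory):
    """Split (host, banner) pairs into hosts to patch and hosts to review by hand."""
    patch, review = [], []
    for host, banner in inventory:
        status = heartbleed_status(banner)
        if status == "vulnerable":
            patch.append(host)
        elif status == "not listed":
            review.append(host)
    return patch, review


# Constructed sample inventory (hypothetical hosts, not data from the page).
SAMPLE = [
    ("web01.example", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
    ("web02.example", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("mail01.example", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("vpn01.example", "OpenSSL 1.0.1 14 Mar 2012"),
    ("db01.example", "OpenSSL 1.0.0k 5 Feb 2013"),
    ("edge01.example", "nginx/1.4.7"),
]

if __name__ == "__main__":
    to_patch, to_review = triage(SAMPLE)
    print("patch:", to_patch)
    print("review:", to_review)
```

Distribution packages can carry a backported fix under an older upstream version string, so confirm a "vulnerable" result against the vendor's package changelog before acting on it.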

Has this been abused in the wild?

We don’t know. The security community should deploy TLS/DTLS honeypots that entrap attackers and alert about exploitation attempts.

Who found the Heartbleed Bug?

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon’s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.

 
