The Heartbleed bug

This morning we found out that OpenSSL has a very serious bug (CVE-2014-0160). Most services on the internet use OpenSSL to secure communications between browsers and servers, and so do we. From heartbleed.com:

“Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.”

We immediately checked all our servers, updated OpenSSL to the very latest version and replaced all keys and certificates.

Want to know if other services (like your own) are vulnerable? Use http://filippo.io/Heartbleed/ to find out. While you’re at it, you might also want to check for other SSL-related issues with this handy tool from SSL Labs.

Posted 10 years ago
