Heartbleed security patches coming fast and furious

Summary: Fixes for the highly dangerous OpenSSL Heartbleed security hole are arriving now. Update your servers ASAP.

Make no mistake about it. The OpenSSL Heartbleed security hole is as serious for Internet security as a stage four cancer diagnosis would be for you. Worse still, OpenSSL 1.01 — the one production version affected — had been shipping since March 12, 2012. That meant tens of millions of Web sites had been potentially vulnerable to attacks via this hole. Fortunately, OpenSSL repaired this with the release of OpenSSL 1.01g on April 7.

How bad is this bug? Popular sites such as Yahoo, Imgur, and OKCupid have all been hit by it. Since OpenSSL is the default secure-socket layer/Transport Layer Security (SSL/TLS) for the Apache and NGINX Web servers, some estimates claim that as many as two-thirds of all "secured" Web sites are vulnerable to Heartbleed.

Worse still, proof-of-concept scripts are now available for script-kiddies to try to attack secure Web sites. Is your Web site vulnerable to such assault? You can check your site with the Heartbleed test.

The good news is that operating system companies are now delivering the OpenSSL patches to their clients. So far, the fixed Linux operating systems include: CentOS, Debian, Fedora, Red Hat, openSUSE, and Ubuntu; SUSE Linux Enterprise Server (SLES) was not affected.

If you are in any doubt about your servers' security, check them for the bug and update them as soon as possible with the appropriate patch. This is no time to fool around with your security. Your systems, users, and customers' security all depend upon fixing this problem as quickly as possible.
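
One way to triage a server's OpenSSL build, added here as an example and not taken from OpenSSL or any vendor tool: it classifies the output of `openssl version -a`, which prints the releases named above as 1.0.1 and 1.0.1g, and looks for OpenSSL's `-DOPENSSL_NO_HEARTBEATS` compile option. The status names, the sample banners and the build-date heuristic for spotting distribution backports are assumptions of this example.

```python
import re
import subprocess
from datetime import datetime

FIX_DATE = datetime(2014, 4, 7)  # release day of the fixed 1.0.1g

# Constructed sample outputs of `openssl version -a` (not captured from real hosts).
OLD_BUILD = "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Feb 19 10:12:01 UTC 2013\n"
REBUILT = "OpenSSL 1.0.1e 11 Feb 2013\nbuilt on: Tue Apr  8 02:39:29 UTC 2014\n"
NO_HB = OLD_BUILD + "compiler: gcc -O2 -DOPENSSL_NO_HEARTBEATS\n"

def classify(version_a_output):
    """Return a triage status for the text printed by `openssl version -a`."""
    m = re.search(r"OpenSSL (\d+\.\d+\.\d+)([a-z]?)", version_a_output)
    if not m:
        return "unknown"
    base, letter = m.groups()
    if base != "1.0.1":
        return "not-affected"      # only the 1.0.1 production line is affected
    if letter >= "g":
        return "fixed"             # 1.0.1g and later carry the repair
    if "-DOPENSSL_NO_HEARTBEATS" in version_a_output:
        return "heartbeats-off"    # built without the heartbeat extension
    # Distributions patch in place and keep the old version letter, so a
    # build date on or after the fix release needs a package-level check.
    built = re.search(r"built on:\s*\w{3} (\w{3})\s+(\d+) [\d:]+ \w+ (\d{4})",
                      version_a_output)
    if built:
        try:
            when = datetime.strptime(" ".join(built.groups()), "%b %d %Y")
            if when >= FIX_DATE:
                return "verify-backport"
        except ValueError:
            pass                   # unparseable date: fail closed below
    return "vulnerable"

if __name__ == "__main__":
    out = subprocess.run(["openssl", "version", "-a"],
                         capture_output=True, text=True).stdout
    print(classify(out))
```

A `verify-backport` result means the version letter alone cannot settle the question; confirm against the distribution's security advisory for the installed package.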

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system; 300bps was a fast Internet connection; WordStar was the state-of-the-art word processor; and we liked it. His work has been published in everything from highly technical publications...