Upgrade OpenSSL Now!

Upgrade OpenSSL now to the current stable release to address a serious vulnerability in OpenSSL (CVE-2014-0160):

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

The official OpenSSL security advisory is here. Given that OpenSSL is one of the most widely used libraries, it is likely that at least some of your systems are affected. It’s also a good idea to replace SSL certificates (using different private keys) and change passwords as a precaution. To test whether an Internet-accessible HTTPS service is affected, you can use this free service provided by a third party; however, it comes without any warranties and may not give you a reliable indication. It is best to just (test and) upgrade OpenSSL.