The Heartbleed vulnerability allows an attacker to read encrypted traffic of other users of the vulnerable server. Millions of websites and services are affected.

On Monday, April 7th, a very serious vulnerability was disclosed to the general public. The issue had been privately known since December 2013 and had been present in the OpenSSL code for years.

Heartbleed is one of the worst security threats in recent memory for organizations that have trusted OpenSSL to protect their data. Netcraft’s recent analysis suggests that today, around 15 percent of sites, or approximately a half million private keys, are exposed to the vulnerability.

Our research lab released a tool called OpenMAGIC to check whether your server is affected and to actively exploit it, so that you can see what content is actually leaked and how it affects you or your organization.

OpenMAGIC: OpenSSL TLS heartbeat read overrun (CVE-2014-0160)

How does the vulnerability work?

I'm a user, what should I do?

If you are a user, you should use one of the online checking tools to verify that your information is safely handled by your provider, your bank and any other service that manages your data. If you find them vulnerable, take the time to point them to this page. Changing your password and then logging out is a very good idea.

How do I secure my servers?

If you are a system administrator, you should upgrade your systems and regenerate any affected key. This will ensure that you are no longer vulnerable to the attack, but you should assume that some data has been leaked. The first step is to destroy all the live sessions on your web applications and notify your users so that they can change their passwords.
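
As an added example (not part of the original page and not OpenMAGIC code), the shell function below triages `openssl version` output against the upstream releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1. The function name and the result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the upstream
# release ranges affected by CVE-2014-0160. heartbleed_status and its
# result labels (affected / not-affected / unknown) are hypothetical names.

heartbleed_status() {
    # Accept "OpenSSL 1.0.1e 11 Feb 2013" (openssl version output)
    # or a bare version such as "1.0.1e".
    s=${1#OpenSSL }
    ver=${s%% *}

    case "$ver" in
        "")
            echo unknown ;;
        # 1.0.1 through 1.0.1f, including suffixed builds such as 1.0.1e-fips.
        # Distributions may backport the fix without changing the letter,
        # so confirm an "affected" result against the package changelog.
        1.0.1|1.0.1[abcdef]|1.0.1[abcdef]-*)
            echo affected ;;
        1.0.2-beta|1.0.2-beta1)
            echo affected ;;
        # 1.0.1g and later letters carry the fix.
        1.0.1[g-z]*)
            echo not-affected ;;
        # 1.0.2-beta2 onward carries the fix.
        1.0.2-beta[2-9]*|1.0.2|1.0.2[a-z]*)
            echo not-affected ;;
        # The 0.9.x and 1.0.0 branches are outside the affected range.
        0.9.*|1.0.0*)
            echo not-affected ;;
        # Later release lines.
        1.1.*|[3-9].*)
            echo not-affected ;;
        *)
            echo unknown ;;
    esac
}

# Typical use on the server being checked:
#   heartbleed_status "$(openssl version)"
```

The command-line binary and a running service can be linked against different copies of the library, so restart every TLS service after upgrading and check each library the services actually load.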

Still confused and worried about Heartbleed?

With EasyAudit you can check the security of your systems and web applications. Knowing the vulnerabilities you are affected by is the first step to keeping your business safe, and we are great at doing it.