What You Should Know Or Ignore About The Heartbleed Bug


A serious vulnerability called the Heartbleed bug has been found in most current implementations of OpenSSL, from version 1.0.1 up to version 1.0.1f. It can be used to get the private key of an SSL connection, so it is important to update the server immediately. The bug is fixed in OpenSSL 1.0.1g. All major Linux distributions have released updates for the vulnerability.

To find out if your server is affected, run this command (you will thank me later, of course):

openssl version

This prints the version number of OpenSSL. If the output looks like the example below, you might be vulnerable.

openssl version
OpenSSL 1.0.1e 11 Feb 2013
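
The version check above as a script (an added example, not part of the original article): it classifies an openssl version line against the 1.0.1 to 1.0.1f range given above. The function name heartbleed_status and its result labels are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Range taken from the article: 1.0.1 through 1.0.1f affected, 1.0.1g fixed.
# Caveat: distribution packages can carry a backported fix under an unchanged
# version string, so "affected-range" means "verify the package", not "vulnerable".

heartbleed_status() {
    # "OpenSSL 1.0.1e 11 Feb 2013" -> "1.0.1e"; other vendors yield an empty string
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2; exit }')
    ver=${ver%-fips}    # FIPS builds append "-fips" to the version
    case "$ver" in
        "")                  echo "unknown" ;;        # not an OpenSSL version line
        *-*)                 echo "unknown" ;;        # pre-release build, not covered by the article
        1.0.1|1.0.1[abcdef]) echo "affected-range" ;;
        1.0.1[g-z]*)         echo "fixed" ;;
        *)                   echo "outside-range" ;;  # e.g. the 0.9.8 or 1.0.0 branches
    esac
}

# Constructed sample lines in the format `openssl version` prints.
for line in \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-36s %s\n' "$line" "$(heartbleed_status "$line")"
done

# Classify the local binary when one is installed.
if command -v openssl >/dev/null 2>&1; then
    local_line=$(openssl version 2>/dev/null) || local_line=""
    printf '%-36s %s\n' "$local_line" "$(heartbleed_status "$local_line")"
fi
```

An affected-range result on a system that has already been updated is expected when the distribution backported the fix; confirm against the package changelog or security advisory for your distribution.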


Update OpenSSL using the upgrade method for your Linux flavour. I will list the most common.

Debian based (including Ubuntu)

apt-get update
apt-get upgrade

Red Hat based (Fedora and CentOS)

yum update

openSUSE (for the cool kids like myself)

zypper update


And now for the Million Dollar question: What must an ordinary user like me do?

Firstly, there are a number of people spreading rumors that all hell has broken loose and the sky has fallen. No, it has not.

If you are very worried about this, Keep Calm and Change Your Passwords.

So what applications are really affected? Well, the first thing that comes to mind for a myriad of users is Facebook. The good news is that Facebook patched their servers a few months ago, so this is no longer an issue, and your account is safe provided you have a good password. The same thing applies to Yahoo and Gmail.

©Mwaba Shannon Chisenga, M.Sc, CISSP

Image credit: Epoch Times