
The Heartbleed bug still affects all OpenSSL versions, the team says today

The Heartbleed bug that was published this spring has not yet been fixed, and several vulnerabilities discovered today affect all versions of OpenSSL. OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 have been affected once more, this time by seven vulnerabilities. One of the bugs, a man-in-the-middle attack referred to as CCS injection, has been dubbed “serious”. Also, the 1.0.2 beta release has not yet been updated and is currently vulnerable. The team recommends that those who are running one of the affected versions upgrade as soon as possible. The vulnerabilities “allow malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes”, as explained by the team. The Heartbleed bug was found by Masashi Kikuchi of Lepidum while studying safe TLS implementations. Hopefully, with the whole team’s help, the Heartbleed bug will stop being a concern in the next few weeks.

In order to stop the leak, a system update is absolutely necessary, and software updates can be applied for each vendor. Solutions can be found for Ubuntu, Debian, FreeBSD, CentOS, Red Hat 5, Red Hat 6 and Amazon Linux AMI. For those who are wondering whether the private keys and certificates need to be recreated, the answer is no. However, if you have transferred the private keys via paths protected by SSL/TLS, the keys could have been sniffed. In that case, regenerating the keys and certificates could be a good idea.

Masashi Kikuchi explained that the main reason why the Heartbleed bug was not found for over 16 years is simple: the code reviews were not sufficient and the reviewers were not experienced enough. In the end, everything is a matter of human resources and experience. Also, the OpenSSL code should have been verified, and the problem could have been detected in time.

About Egon Kilin

I’m Load The Game’s co-founder and community manager, and whenever I’m not answering questions on social media platforms, I spend my time digging up the latest news and rumors and writing them up. That’s not to say I’m all work and no fun, not at all. If my spare time allows it, I like to engage in some good old fashioned online carnage. If it’s an MMO with swords and lots of PvP, I’m most likely in it. Oh, and if you’re looking to pick a fight in Tekken or Mortal Kombat, I’ll be more than happy to assist! Connect with me by email markjudge (@) loadthegame.com only
