Heartbleed Vulnerability – Oh My!
Anyone who works closely with the IT world is likely well aware that recently, a vulnerability in the popular cryptographic software library — OpenSSL — has become very publicized and pathed the way for attackers to collect sensitive / private information.
This particular vulnerability is getting so much attention not just because it has existed for awhile now, but because it’s easy to execute, puts private information at risk, and the attack “leaves no trace”.
For those who are curious, the Common Vulnerabilities and Exposures (CVE) is CVE-2014-0160. More information is available here.
What version are affected? OpenSSL 1.0.1 through 1.0.1f.
Many Linux distros ship with a vulnerable OpenSSL version and if you’re using Apache and/or NGINX, then it’s worth looking into.
You can protect yourself by using OpenSSL 1.0.1g or newer.