{"id":2866,"date":"2014-04-19T16:46:47","date_gmt":"2014-04-19T08:46:47","guid":{"rendered":"http:\/\/www.alfredivy.per.sg\/blogger\/?p=2866"},"modified":"2014-04-19T20:20:43","modified_gmt":"2014-04-19T12:20:43","slug":"heartbleed-bug-openssl","status":"publish","type":"post","link":"https:\/\/www.alfredivy.sg\/blogger\/2014\/04\/heartbleed-bug-openssl\/","title":{"rendered":"Heartbleed bug in OpenSSL"},"content":{"rendered":"<p>OpenSSL has a bug: the bounds checking for one of the variables was incomplete. This bug is in the heartbeat feature, which is used to check for the existence of a client. This <a href=\"https:\/\/xkcd.com\/1354\" target=\"_blank\">XKCD<\/a> comic is a very popular way of explaining how it works.<\/p>\n<p>&nbsp;<\/p>\n<div style=\"width: 650px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" \" alt=\"Heartbleed bug explained by XKCD comic\" src=\"http:\/\/imgs.xkcd.com\/comics\/heartbleed_explanation.png\" width=\"640\" height=\"1364\" \/><p class=\"wp-caption-text\">Heartbleed Explanation<\/p><\/div>\n<p>What it gives out, unfortunately, is everything: server private keys and other user sessions. All without being logged!<\/p>\n<p>So now the admins of websites that use OpenSSL are busy patching their servers and regenerating private keys. If anyone has a copy of the server private keys, they can decrypt any stored SSL traffic. This has led some observers to call for serious discussion about the implementation of Perfect Forward Secrecy. This is of course not without its additional encryption overhead.<\/p>\n<p>Soon you will need to have a browser plug-in or extension to detect the Heartbleed bug in the websites that you access. Here are extensions for Firefox and Chrome: <a href=\"http:\/\/www.techsupportalert.com\/content\/firefox-and-chrome-browser-extensions-check-heartbleed.htm?order=title&amp;sort=desc\" target=\"_blank\">link<\/a><\/p>\n<p><a href=\"http:\/\/heartbleed.com\/\" target=\"_blank\">Awareness website<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Heartbleed bug or exploit in SSL and you.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[249,59],"tags":[347,245],"class_list":["post-2866","post","type-post","status-publish","format-standard","hentry","category-internet","category-servers","tag-heartbleed","tag-ssl"],"_links":{"self":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/comments?post=2866"}],"version-history":[{"count":7,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2866\/revisions"}],"predecessor-version":[{"id":2873,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/posts\/2866\/revisions\/2873"}],"wp:attachment":[{"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/media?parent=2866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/categories?post=2866"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.alfredivy.sg\/blogger\/wp-json\/wp\/v2\/tags?post=2866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}