New security holes appear constantly, but some of them are critical. One of these is the so-called Heartbleed bug in the OpenSSL library.
While Heartbleed affects only OpenSSL 1.0.1 and 1.0.2-beta, version 1.0.1 is already everywhere. And since Secure Sockets Layer (SSL) encryption and Transport Layer Security (TLS) are at the heart of Internet security, this security hole can be described as extremely critical.
The flaw can potentially be used to reveal not only the content of an encrypted message, such as a credit card transaction over HTTPS, but also the SSL primary and secondary keys themselves. This data could then, in theory, be used as a skeleton key to bypass secure servers without leaving any trace that the website has been compromised.
This error is not a problem with OpenSSL's inherent design. It is an implementation problem: the result of a programming error. There is already a fix for OpenSSL 1.0.1, and developers are continuing to fix 1.0.2-beta.
CloudFlare, an online security company, revealed the details in a post on its blog. The post describes the security hole and states that they have fixed the error. They seem to have used the methods described by OpenSSL. Unfortunately for everyone else, the method was not ready for broad deployment.
According to a senior security technician from a large operating system company, “The main problem with CloudFlare was that it provided its own solution before a patch was released to the public. We are not opening a door and we are not waving a red flag before the patches that fix the problem are released.”
Currently, the developers at Red Hat, Debian, SuSE, Canonical and Oracle are working feverishly on patched versions of OpenSSL. These are expected to take about 12 hours to prepare. Stay tuned if you're using OpenSSL 1.0.1 or 1.0.2, because you'll need to install the update as soon as it's released.