Is Your SSL Site Secure from the Heartbleed bug?
HL News • April 9, 2014
If your site is using Open SSL technology then it may be affected by the “Heartbleed bug”. Two-thirds of the secure sites on the internet are running Open SSL and the heartbeat extension was enabled on about 18% of the sites. Netcraft says that amounts to about 500,000 sites. This bug lets hackers view some of the memory on an affected server. This allows them to view encrypted traffic including names, passwords and content.
According to Netcraft.com “a missing bounds check in the handling of the TLS heartbeat extension” allowed the hackers to view the memory of the server. This bug effects Apache and nginx servers as well as any other servers than run Open SSL with heartbeat enabled.
Even the big websites are affected. On Tuesday Yahoo properties such as Yahoo mail, Yahoo Homepage, and Tumblr were found vulnerable. Digg which is Google owned was also vulnerable. All of these websites have since been fixed. Tumblr recommends that you change your passwords.
The official Heartbleed site has a test available to see if your server is vulnerable to the bug.