
OpenSSL Heartbleed bug - Patch Download - How to test whether a server's security is compromised

What is the OpenSSL Heartbleed bug?
OpenSSL is a widely used open source encryption library that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, together with various cryptography libraries, to provide a robust and secure server environment. OpenSSL provides the SSL and TLS encryption behind HTTPS, the secure communication between your computer and servers on the Internet. It is used by about 2/3 of the web servers in the world.

OpenSSL vulnerability ("Heartbleed," CVE-2014-0160)
The Common Vulnerabilities and Exposures (CVE) system, the dictionary of standardized identifiers for common computer vulnerabilities and exposures, identifies the Heartbleed bug as CVE-2014-0160. On April 7, 2014 this shocking bug was discovered in the TLS heartbeat extension of OpenSSL by Neel Mehta of Google Security. It enabled attackers to reach across the internet and silently steal passwords, crypto keys, and other sensitive information from vulnerable systems. The vulnerability was the result of a programming error (bug) in several versions of OpenSSL: a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.
This tiny flaw in the most widely used encryption library allows attackers to secretly access any vulnerable system, from your bank's HTTPS server to your private VPN, and steal passwords, login cookies, private crypto keys and more.

At its worst, Heartbleed allowed potential access to the private key for an SSL certificate as well as the encrypted communication itself. This basically means that any individual with the knowledge and skills required to exploit this vulnerability had a window to grab your user names, passwords and any private information you may have accessed with practically any online service that uses the affected versions of the OpenSSL toolkit.

The Heartbleed bug, a severe memory handling error, allows anyone on the Internet to read the memory of systems protected by the vulnerable versions of the OpenSSL software. The bug lies in OpenSSL's implementation of the TLS heartbeat extension. Only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1. Affected users should upgrade to OpenSSL 1.0.1g. Patching this vulnerability means updating OpenSSL and restarting all services that rely on the OpenSSL libraries.

Users unable to immediately upgrade can alternatively recompile OpenSSL with:


How is the Heartbleed bug exploited?
The Heartbleed bug is exploited by sending a malformed heartbeat request with a small payload and large length field to the server in order to elicit the server's response permitting attackers to read up to 64 kilobytes of server memory that was likely to have been used previously by SSL. Where a Heartbeat Request might ask the server to "send back the four-letter word 'bird'", resulting in a server response of "bird", a malicious Heartbleed Request of "send back the 500-letter word 'hat'" would cause the server to return "hat" followed by whatever 497 characters the server happened to have in active memory. Attackers in this way could receive sensitive data, compromising the security of the server and its users. (Source: Wikipedia)
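The missing bounds check described above can be seen in a small model, added here as an example; it is not OpenSSL's code and not part of the original post. The function names, the 64-byte `arena` and the `SECRET-KEY-MATERIAL` string are constructed for illustration, and the 16-byte minimum padding follows the heartbeat record layout in RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_PAD = 16 };
/* Constructed demo memory: one 22-byte heartbeat record ("hat" plus 16 bytes
 * of padding) followed by unrelated data that must never be echoed back. */
static uint8_t arena[64];

size_t build_arena(uint16_t claimed) {
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;                    /* type, then 2-byte length */
    arena[1] = (uint8_t)(claimed >> 8); arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HDR, "hat", 3);         /* real payload: 3 bytes */
    memcpy(arena + 22, "SECRET-KEY-MATERIAL", 19);  /* constructed value */
    return 22;                                /* length actually received */
}

/* Writes the echo reply into out; response padding is omitted for brevity. */
static size_t echo(const uint8_t *rec, size_t n, uint8_t *out, size_t cap) {
    if (HB_HDR + n > cap) return 0;
    out[0] = HB_RESPONSE; out[1] = (uint8_t)(n >> 8); out[2] = (uint8_t)n;
    memcpy(out + HB_HDR, rec + HB_HDR, n);
    return HB_HDR + n;
}

/* Missing bounds check: rec_len is never compared with the claimed length.
 * Reads are clamped to the arena so the demo itself stays memory-safe. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > sizeof arena - HB_HDR) claimed = sizeof arena - HB_HDR;
    return echo(rec, claimed, out, cap);
}

/* With the check: header + claimed payload + minimum padding must fit in the
 * record that was actually received, otherwise the request is discarded. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < HB_HDR + HB_PAD || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0;
    return echo(rec, claimed, out, cap);
}

int main(void) {
    uint8_t out[128];
    size_t len = build_arena(40);             /* claims 40 bytes, sends 3 */
    printf("unchecked reply: %zu bytes\n", hb_reply_unchecked(arena, len, out, sizeof out));
    printf("checked reply:   %zu bytes\n", hb_reply_checked(arena, len, out, sizeof out));
}
```

The unchecked reply carries the bytes that sit after the record in memory, while the checked version discards the same request and still answers an honest one.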

Download patch for Heartbleed bug
The bug may affect OpenSSL 1.0.1 versions on Linux operating systems including Debian, RHEL, Fedora, Ubuntu, and CentOS. Vulnerable servers must be patched with an updated version of OpenSSL, and any services using the OpenSSL libraries must be restarted.

A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. The patch was added by Adam Langley and Bodo Moeller.

Popular web services have updated their servers with the Heartbleed patch.

Get the patch from here: commits 731f431497f463f3a2a97236fe0187b11c44aead and 96db902

Online Vulnerability Test services
You can check whether your server is affected by the Heartbleed bug by using any of the online services given below:

As a matter of security, it is recommended that you change the passwords of your email and any other online services that you use.

