Wednesday, April 9, 2014

Heartbleed May 'Break Your Heart' as Data Leaks

A recent OpenSSL bug called Heartbleed (CVE-2014-0160) has put millions of websites in trouble. The Heartbleed test developed by Filippo Valsorda has been released as open source. I just played around with Heartbleed a bit.

By the way, what is the Heartbleed bug? It is a vulnerability in the OpenSSL cryptography library that allows any user to read system memory (only vulnerable versions are affected).

In other words, it is a weakness in the cryptography library of the OpenSSL software that allows outside users to read system memory (only certain versions are affected).

When I tested several Malaysian websites, most critical organisations' websites were exposed to this vulnerability, including government ones.


Filippo also provides a website where you can test your web server; if it is vulnerable, you will get a message like the image below:


Alternatively, you can use the Malaysia Honeynet Heartbleed website to test your web server:
http://heartbleed.honeynet.org.my/

Here is some good advice on how to protect yourself from the Heartbleed bug:
http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/

References:
http://heartbleed.com/
https://github.com/FiloSottile/Heartbleed
http://filippo.io/Heartbleed
http://heartbleed.honeynet.org.my/
https://gist.github.com/harlo/10199638

~ alternat0r