Sunday, June 13, 2021

Test for Heartbleed

News about the Heartbleed vulnerability is spreading around the world, accelerated by Revenue Canada’s investigation today into whether its systems might be compromised.

You can check whether your organization’s site, or any Web site, is vulnerable by going to this site and entering the name of a domain or a URL to test.

Personal computers aren’t at risk unless they are acting as a server.

“The government is doing the right thing” by shutting down its site, says James Arlen, a Hamilton, Ont.-based senior security advisor at Leviathan Security Group. “The bug permits the remote read of the contents of the server’s memory. Until it’s patched (and certificates reissued with new keys) there is a real risk of leaking the entire memory contents of the affected server.”

“Almost everybody who’s got SSL (secure socket layer) needs to apply the patch and generate a new private key,” he said. His firm has fielded many calls since Monday from concerned customers who needed the patch, he said. By now most have already applied the fix; the others need final testing.

According to a blog post by Ivan Ristic of Qualys Inc., which published the SSL Labs test, Heartbleed is the result of a coding error in the OpenSSL 1.0.1 code released in March 2012 that allows an attacker to trick an affected server into disclosing a large part of what’s in memory. The error is in OpenSSL’s implementation of the TLS (transport layer security) ‘heartbeat’ mechanism, which helps keep connections alive without continuous data transfer, hence the name of the bug.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
