Hey there! any question in your mind? Ask It Now!.

Popular Categories

What is HeartBleed virus? how can it affect my code?

+4 votes
asked in Programming by duke Expert (5,813 points)
edited by Bhartesh
Hello guys I want to know about heart bleed virus what is it how its works and I have a WordPress blog ,it may affect on my blog also???
If yes so please tell me the way to handle this virus .thanks for helping ...

3 Answers

+2 votes
answered by jatin Expert (3,823 points)
From the last few days every one is talking about this topic, First of all I would like to inform you Heartbleed not a virus its a BUG.
Heartbleed has already been exploited by hackers in China,accordingly News and some of blogs Mashable published a report that shows the passwords on websites that one needs to change right away.
Some of experts views:
The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords.
+1 vote
answered by ramesh (630 points)
Heartbleed is a bug in OpenSSL cryptographic software library, that is a open source library and this bug may cause of leek of security,
Many sites like facebook, google has been effected from this bug So you should change your all password to be save.
this Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
0 votes
answered by swag31 (1,430 points)
Heartbleed is some information leak over the heartbeat channel of SSL. All of the examples you see are of things being stolen are of bad clients connecting to servers.

However, the heartbeat channel goes two ways. There's no reason that a bad server can't pull information from a client. This however, requires the application to connect to the bad server. If there's no way for client to connect to a bad server, there's no way for the bug to affect your software. So if, say, all your code does is post status updates on facebook, you're not connecting to a malicious server. If your app is a web browser, you connect to random things and need to make sure the version of OpenSSL is vulnerable.

Now, one mitigating factor is that you may not be using OpenSSL. If you're just using Java code, you're using the OS provided crypto and that's probably not affected. If you're using NDK you have to worry about any bundled OpenSSL.

Related Questions

+8 votes
1 answer 427 views
+1 vote
1 answer 95 views
+3 votes
1 answer 410 views
0 votes
1 answer 125 views
+7 votes
1 answer 516 views
+5 votes
1 answer 149 views
asked in Programming by mannu (990 points)
+7 votes
8 answers 7,422 views

Not a Member yet?

Ask to Folks Login

My Account
443 Folks are online
2 members and 441 guest online
Your feedback is highly appreciated