Hey there! any question in your mind? Ask It Now!.

Popular Categories





What is HeartBleed virus? how can it affect my code?

+4 votes
131 views
asked in Programming by duke Expert (5,813 points)
edited by Bhartesh
Hello guys I want to know about heart bleed virus what is it how its works and I have a WordPress blog ,it may affect on my blog also???
If yes so please tell me the way to handle this virus .thanks for helping ...

3 Answers

+2 votes
answered by jatin Expert (3,823 points)
From the last few days every one is talking about this topic, First of all I would like to inform you Heartbleed not a virus its a BUG.
Heartbleed has already been exploited by hackers in China,accordingly News and some of blogs Mashable published a report that shows the passwords on websites that one needs to change right away.
 
Some of experts views:
The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords.
+1 vote
answered by ramesh (630 points)
Heartbleed is a bug in OpenSSL cryptographic software library, that is a open source library and this bug may cause of leek of security,
Many sites like facebook, google has been effected from this bug So you should change your all password to be save.
 
this Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
 
0 votes
answered by swag31 (1,430 points)
Heartbleed is some information leak over the heartbeat channel of SSL. All of the examples you see are of things being stolen are of bad clients connecting to servers.

However, the heartbeat channel goes two ways. There's no reason that a bad server can't pull information from a client. This however, requires the application to connect to the bad server. If there's no way for client to connect to a bad server, there's no way for the bug to affect your software. So if, say, all your code does is post status updates on facebook, you're not connecting to a malicious server. If your app is a web browser, you connect to random things and need to make sure the version of OpenSSL is vulnerable.

Now, one mitigating factor is that you may not be using OpenSSL. If you're just using Java code, you're using the OS provided crypto and that's probably not affected. If you're using NDK you have to worry about any bundled OpenSSL.

Related Questions

0 votes
0 answers 107 views
+8 votes
1 answer 420 views
+1 vote
1 answer 87 views
+3 votes
1 answer 364 views
0 votes
1 answer 247 views
0 votes
1 answer 99 views
+7 votes
1 answer 503 views

Not a Member yet?

Ask to Folks Login

My Account
644 Folks are online
55 members and 589 guest online
Your feedback is highly appreciated