+4 votes
792 views
in Programming by Expert (5.9k points)
edited by
Hello guys I want to know about heart bleed virus what is it how its works and I have a WordPress blog ,it may affect on my blog also???
If yes so please tell me the way to handle this virus .thanks for helping ...

3 Answers

+2 votes
by Expert (3.8k points)
From the last few days every one is talking about this topic, First of all I would like to inform you Heartbleed not a virus its a BUG.
Heartbleed has already been exploited by hackers in China,accordingly News and some of blogs Mashable published a report that shows the passwords on websites that one needs to change right away.
 
Some of experts views:
The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic library that allows attackers to invisibly read sensitive data from a web server. This potentially includes cryptographic keys, usernames, and passwords.
+1 vote
by (630 points)
Heartbleed is a bug in OpenSSL cryptographic software library, that is a open source library and this bug may cause of leek of security,
Many sites like facebook, google has been effected from this bug So you should change your all password to be save.
 
this Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
 
0 votes
by (1.5k points)
Heartbleed is some information leak over the heartbeat channel of SSL. All of the examples you see are of things being stolen are of bad clients connecting to servers.

However, the heartbeat channel goes two ways. There's no reason that a bad server can't pull information from a client. This however, requires the application to connect to the bad server. If there's no way for client to connect to a bad server, there's no way for the bug to affect your software. So if, say, all your code does is post status updates on facebook, you're not connecting to a malicious server. If your app is a web browser, you connect to random things and need to make sure the version of OpenSSL is vulnerable.

Now, one mitigating factor is that you may not be using OpenSSL. If you're just using Java code, you're using the OS provided crypto and that's probably not affected. If you're using NDK you have to worry about any bundled OpenSSL.

Not a Member yet?

Ask to Folks Login

My Account

Your feedback is highly appreciated