Heartbleed Exploit

HeartBleed is a newly found OpenSSL exploit. It has been getting a lot of attention in the last few weeks because it leaves a large security hole on the majority of encrypted websites on the internet.

When accessing a secure Server that is using OpenSSL your computer will request a “Heart beat” to verify that there is a active connection to the server. This is accomplished by sending a piece of data of a specific size to the server to which you are connected and requesting that it be sent back to your computer.

The problem is that with this vulnerability someone can send a heartbeat request to a server but claim that the heart beat request is much longer than it actually is. The server will just assume that the the size of the request is accurate. And instead of sending back just the response, it will send back the response along with more information that is currently stored in the Servers buffer until it is the size that the original message claimed to be.

This is a very dangerous exploit that allows a attacker a look into the the servers buffer and see possible usernames and passwords among other things. Luckily the majority of Large companies like Google, Facebook, or banks had this patched as soon as this issue went public. It is very important that servers that send information over the internet have this exploit patched, because if they do not secure information on the server could be compromised.

We recommend you change your passwords for any important account, like for your bank or email. And verify that any server you own is patched as soon as possible.

Here is an Excellent video on the subject

Please contact our Network Support Team or call today at 314.333.3330 if you need help.