How to Fix the ‘Heartbleed’ Flaw?

 

A serious vulnerability was exposed by security researchers on April 7, 2014. A problem was discovered with the encryption technology used to securely transmit e-mail, social media posts, e-commerce transactions and other related Web traffic. This flaw is known as the ‘Heartbleed’flaw and has remained undetected for nearly 2 years.

This breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The Heartbleed flaw allows anyone on the internet to read information secured by the vulnerable version of SSL/TLS known as OpenSSL.

How to fix this flaw

  • The Heartbleed flaw has affected those using OpenSSL-1.0.1x and OpenSSL-1.0.2x series (OpenSSL 1.0.1a to 1.0.1f and 1.0.2 Beta versions).
  • The corrective course of action to fix Heartbleed is to UPGRADE the OpenSSL version to OpenSSL-1.0.1g.
  • The other alternate fix is to RECOMPILE OpenSSL with “-DOPENSSL_NO_HEARTBEATS”
  • It is strongly recommended to change all log-in credentials like passwords, authentication keys etc.

How ViSolve fixed the Heartbleed flaw for its Clients

ViSolve’s clients are spread across industry domains such as banking, electronics and technology. To safeguard information assets and to prevent any security breaches, our enterprise team responded in quick time to fix the Heartbleed flaw.

For one of our client who is into banking, an upgrade to the OpenSSL-1.0.1g version was performed. Similarly for another client who is in the technology space, a recompilation of OpenSSL-1.0.1e was performed. Both of these were done within a couple of hours of knowing about the security flaw.

In order to eliminate this threat completely, servers using OpenSSL have to be replaced with new SSL certificates. All user credentials like passwords have to be changed along with additional security measures like two-step authentication.

About ViSolve

ViSolve is a consulting firm that provides Enterprise services like Cloud Deployment, Monitoring, Support and Security. More information about ViSolve can be found here. To know more about enhancing your data security, drop us an e-mail – services@visolve.com.

X

Related Link

What is Population Health Management
In a society, people are influenced by other people living there. Our life is interdependently weaved with everyone else. - Read More

Healthcare IT Enterprise IT