The recent discovery of what's known as the 'Heartbleed' Bug in OpenSSL has caused great concern in the industry and you’ve no doubt heard about it by now. But what does it mean for you? Below are the simple steps you can take to resolve this issue. We advise you to complete these steps as soon as possible.

Heartbleed was caused by a flaw in OpenSSL, an open source code library that implemented the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. In short, a malicious user

OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160) | CISA

OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.

OpenSSL Heartbeat (Heartbleed) Information Leak Apr 07, 2014

SSL Server Test. This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. Please note that the information you submit here is used only to provide you the service. We don't use the domain names or the test results, and we never will.

The Heartbleed Bug vulnerability is a weakness in the OpenSSL cryptographic library, which allows an attacker to gain access to sensitive information that is normally protected by the SSL and TLS protocols.

The site has to implement SSL in the first place – no SSL means no OpenSSL means no Heartbleed bug. The site has to be running OpenSSL. That rules out a significant chunk of the internet, including most IIS websites. The OpenSSL version has to be somewhere between 1.0.1 and 1.0.1f; anything older or newer and the bug isn’t present.

IS HEARTBLEED A VIRUS? Absolutely NO, it's not a virus. As described in our previous article, The …

Transport Layer Security - Wikipedia

The Heartbleed bug is a serious vulnerability specific to the implementation of SSL/TLS in the popular OpenSSL cryptographic software library, affecting versions 1.0.1 to 1.0.1f. This weakness, reported in April 2014, allows attackers to steal private keys from servers that should normally be protected. [277]