Over the last few weeks everyone has heard of OpenSSL and its vulnerability called Heartbleed (a bug in its implementation of the TLS Heartbeat extension, which is where the name comes from). The video below explains the vulnerability itself clearly but not why we should care, so here are the questions I had and the answers I found.
What is OpenSSL? It is a widely used open-source cryptographic library and TLS implementation.
Define widely? It is the default TLS engine for Apache and nginx, which according to internet statistics run 60% to 70% of the Internet's websites. Linux distributions such as Ubuntu, CentOS and Fedora ship it as their system crypto library as well, so many other programs on those systems (mail servers, VPNs, command-line tools) link against it too.
Seems pretty big, but I do not have a website? Not having a website does not mean you are unaffected: you use the web daily, and any server you talked to while it was vulnerable may have leaked your sensitive data (passwords, session cookies, even its private key) from memory. For example Pinterest, one of the biggest social networks, sent an email about this bug and asked users to reset their passwords:
We were quick to fix the issue on Pinterest, and we didn’t find any evidence of mischief on Pinner accounts as a result. But to be extra careful, we’re asking you to reset your password.
So everyone should be careful and review their accounts and sensitive data. Even my host and my CDN provider sent me an email about this vulnerability, so its reach is certainly global.
PS. If you are curious whether your website or any other host name is vulnerable, you can check it here: http://filippo.io/Heartbleed/
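The link above tests a remote host. If you administer a server yourself, the first thing to check is the OpenSSL release installed on it. The following is an added example (not part of the original post and not a tool from the OpenSSL project): a small POSIX shell helper that classifies the version token printed by `openssl version` against the affected range, which is OpenSSL 1.0.1 through 1.0.1f (fixed in 1.0.1g; the 1.0.0 and 0.9.8 branches never had the bug, and the 1.0.2-beta1 pre-release was also affected). The function name and the `-fips` suffix handling are my own assumptions.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version token against the Heartbleed-affected range.
# Affected releases: 1.0.1, 1.0.1a .. 1.0.1f, and the 1.0.2-beta1 pre-release.
# Returns 0 (shell "true") when the version is in the affected range, 1 otherwise.
heartbleed_affected_version() {
    # $1 is the second field of `openssl version`, e.g. "1.0.1e" or "1.0.1e-fips".
    # Strip a trailing "-fips" build marker (assumption: FIPS builds carry the same base version).
    v=$(printf '%s' "$1" | sed 's/-fips$//')
    case "$v" in
        1.0.1|1.0.1[a-f]) return 0 ;;   # 1.0.1 through 1.0.1f: affected
        1.0.2-beta1)      return 0 ;;   # first 1.0.2 beta shipped the bug as well
        *)                return 1 ;;   # 1.0.1g and later, 1.0.0, 0.9.8: not affected
    esac
}

# Pull the version token out of a full `openssl version` line, e.g.
# "OpenSSL 1.0.1e 11 Feb 2013" -> "1.0.1e".
openssl_version_token() {
    printf '%s\n' "$1" | awk '{print $2}'
}

# Stand-alone run: inspect the openssl binary on this machine, if there is one.
if command -v openssl >/dev/null 2>&1; then
    tok=$(openssl_version_token "$(openssl version)")
    if heartbleed_affected_version "$tok"; then
        echo "openssl $tok is in the affected range (1.0.1 - 1.0.1f)."
        echo "Caveat: distributions often backport the fix without changing this string;"
        echo "compare the build date from 'openssl version -b' with the fix date (7 Apr 2014)"
        echo "or read the package changelog before concluding the host is vulnerable."
    else
        echo "openssl $tok is not in the affected range."
    fi
else
    echo "no openssl binary found in PATH"
fi
```

The caveat in the output matters in practice: Ubuntu and Debian patched the bug in place, so a patched system can still report `1.0.1e`. The version string is therefore only a quick first filter; a remote test such as the one linked above, or the package changelog, is what actually settles the question, and a server that was ever exposed should have its certificate reissued and its users' sessions and passwords reset regardless.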