Tag Archives: OpenSSL

NFN users and NFN4Good site owners secure from Heartbleed bug on Open SSL

The good news first, our system administrator , Warren Anderson, reported earlier: “

Warren Anderson Presidents Award 2014“The “Heartbleed” bug affects OpenSSL versions 1.01 and 1.02. Naples Free-Net does not use the affected software. External tests have shown that we are not vulnerable.”

In other words, NFN users information is securely stored and was not exposed.

Mashable posted: The Heartbleed Hit List: The Passwords You Need to Change Right Now

Thank you to Steve Hart, who allowed us to use his article, published this morning on Relevanza.

Heartbleed bug on OpenSSL is an open wound

You’ve no doubt read about the Heartbleed bug that could affect websites using OpenSSL encryption for secure services – like financial transactions.

There is certainly no shortage of posts about the bug and it presents potential danger for some websites. An estimate published by ARStechnica suggests approximately 600,000 of a reported 28 million servers and other devices responding to a SSL connection request remained vulnerable to the Heartbleed bug. That estimate was made April 8th and at the time it was suggested a third of all servers had received a security patch to fix the vulnerability.

Other estimates suggest two-thirds of all servers dependent on OpenSSL have the potential to be affected.

OpenSSL is an open-source system of software networks which works to encrypt just over half of all websites which need secure connections to do business. SSL stands for Secure Sockets Layer and if your website URL adds an “s” to the http preface on the URL – https – you are probably using OpenSSL.

HeartbleedThe Heartbleed bug, as it’s come to be called, is a recently discovered vulnerability in the software that could allow hackers to access sensitive, important encrypted information such as passwords or, even, credit card numbers on the way from your computer to the web site using the data. There is currently no way to know if any particular site has been exploited because of the flaw but companies are moving very quickly to make patches and mend the flaw.

There are at least two sites (probably others) website users can go to check a site for vulnerabilities. One site is was set up by the security firm, LastPass. Another site was set up by Filippo Valsorda, Twitter and GitHub and can be found here.

Links reading more:

Photo: The Mothership by Trey Ratcliff, StuckinCustoms.com