The Bleeding Heart Bug

The Heartbleed bug (CVE-2014-0160) was publicly disclosed on Monday and affects specific versions of the OpenSSL application. OpenSSL is a generally used open-source implementation of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) Cryptographic method and is used on about 66% of all public websites. The bug has been present in the software since December 2011.

The bug is not a weakness in SSL/TLS itself, but rather is bug in OpenSSL implementation of it that can potentially allow attackers to access the unencrypted data stored within a server’s memory. With enough data, an attacker can find out your server encryptions keys, your passwords and any other information passed over the communication. The attackers can then use the compromised keys to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Who are vulnerable?

Because of the widespread adoption of the OpenSSL software and the ability to be attacked without leaving a trace, it means that we are all vulnerable because you can’t tell if your data has been compromised.

Not only websites are vulnerable, as many hardware and software vendors implement use OpenSSL in their products. Cisco and Juniper has listed advisories warning of the bug in their products.

What should you do?

All businesses, website owners and users of affected services should take action on this bug.

Step 1: Determine if any of your servers may be affected.

You can use the check script on Filippo Valsorda’s web site to check your public services.

Check with vendors if any of your internal services may be affected.

C|NET has a list of the top 100 sites around the web to determine if they have been patched or may be affected

Website owners with their sites on hosted services should check with their service provider if they have taken action on the bug and if they were ever vulnerable.

Step 2: Patch services for which you are able to patch yourself.

These include any owned servers or virtual servers that you use, or internal, private servers or devices.

Step 3: Re-Key your SSL Certificates

This involves regenerating and reinstalling the private keys on your servers. While the risk may be small, the fact that you will not know if your key was compromised, this is a recommended precautionary step.

Step 4: Change your passwords

It’s important that you change any passwords that you may have on any of the affected systems AFTER you have patched OpenSSL and re-keyed your certificates. Doing so before you performed the prior steps means that if your keys were compromised, an attacked would be able to discover your new passwords.

If you are a service user and don’t run any services yourself, find out from the provider if they were vulnerable and if they patched their services (or use the check script in Step 1).

Don’t Panic

While the bug is serious, it’s important to not panic. Keep a clear head and follow the steps.

For more information about the bug and to keep updated check out heartbleed.com.

Original article: Don't let it ruin your day'">The Heartbleed Bug: What is it and what to do about it Don't let it ruin your day

©2025 Interxect Services Limited. All Rights Reserved.

Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.

The vulnerability occurs only on *NIX based systems and Microsoft Windows systems are not affected by this vulnerability.

No official patch is available for MySQL 5.0.x, because that version of thedatabase server is no longer supported by Oracle. However, some Linux vendors might backport the patch from MySQL 5.1 or 5.5. This also affects people with personal blogs on private Linux hosts that use MySQL back-ends for web applications such as WordPress, Joomla and Drupal.

Any Internet accessible MySQL database is extremely vulnerable, and those in security circles are warning of a wave of attacks. To reduce the risk, configure your MySQL databases to accept connections from only authorised IP addresses and try not to allow any public IPs access to the databases.

Original article: MySQL Vulnerability Allows Attackers to Bypass Password Verification

©2025 Interxect Services Limited. All Rights Reserved.

After many months in development, Interxect Services has finally launched our website and we could finally get rid of that “Coming Soon” page. We really like the layout and hope you do to.

There is still more to come, such as articles and whitepapers, so check back regularly. Please sign up for our newsletter so that you may be updated on new and interesting developments that may benefit you.

Feel free to contact us to let us know what you think.

Original article: Website Launched!

©2025 Interxect Services Limited. All Rights Reserved.