OpenSSL Heartbleed Security Bug

OpenSSL Heartbleed Security Bug "Massive"

Bleeding private data since 2012. Discovery of a memory leak bug in OpenSSL means that each and every internet user is likely to have been affected either directly or indirectly. Dubbed the “Heartbleed Bug”, this vulnerability allows stealing of information that usually would be encrypted by a secure SSL/TLS session over the internet. Everyday Bitcoin client operation does not directly use OpenSSL, however, the Bitcoin Core 0.9.0 (and each prior version) uses OpenSSL for remote procedure calls (RPC) via https. New functionality introduced in version 0.9.0 is the ability to fetch payment....


Related News

CCN Week in Review: Heartbleed, Sidechains, Bitcoin Investments, and More

This week on CCN, we learned about the massive Heartbleed bug, the potential future of Bitcoin with sidechains, SecondMarket's new bitcoin investment fund, exciting new Bitcoin services, and more. Check out some of our top stories this week (7 April - 13 April) on this CCN Week in Review. [youtube http://www.youtube.com/watch?v=WHbL4xmbGts?rel=0]. Hacker Exploits Heartbleed Bug in BTCJam Heist. A programming error in OpenSSL versions 1.0.1 - 1.0.1f is causing panic across the Internet. Heartbleed is a very serious vulnerability in the OpenSSL cryptographic library. OpenSSL is used....

Two Major OpenSSL Vulnerabilities Identified, Patch Coming Soon

Just last year, a major vulnerability in the OpenSSL protocol caused a lot of concern for internet traffic all around. Not only are nearly all sites protected by OpenSSL, but various web apps and other third-party platforms rely on this security standard as well. And even though heartbleed had been fixed for a while now, there are other vulnerabilities that need to be patched sooner rather than later. On Thursday – two days from the time of publication – a new version of OpenSSL will be released to the public that contains two major vulnerability patches. Considering the fact that most....

Bitcoin Exchanges React to OpenSSL Heartbleed Bug

Over the past twelve hours, there web has been abuzz with news of an OpenSSL (an encryption library in use by many sites on the web) bug that has been deemed rather serious. As a primer, a description from Heartbleed.com: The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data....

Bitcoin Core Version 0.9.1 Fixes Heartbleed Vulnerability

Bitcoin Core Version 0.9.1 is out and it has addressed the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160. The vulnerability has been patched by major bitcoin exchanges in a matter of hours. In case you missed it, Heartbleed is a pretty big deal in the security community. The crypto bug in OpenSSL (an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic) has opened up two thirds of the web to eavesdropping. It was uncovered earlier this week and many observers described it as nothing short of catastrophic. Bitcoin....

Major Security Flaw 'Heartbleed' Puts Critical Services at Risk

Over half the internet could have been compromised by a two-year-old security flaw that also could affect a number of online bitcoin services, it was revealed today. The vulnerability, named 'Heartbleed', affects versions of OpenSSL, an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic, including: passwords, messages, e-commerce and banking, and other sensitive data including Virtual Private Networks (VPNs). OpenSSL is the most popular software library used for this purpose. Two years old. The Heartbleed flaw has reportedly....