Apr 102014
 

What is the Heartbleed Bug?

The Heartbleed Bug is a serious vulnerability in the OpenSSL software. SSL/TLS provides communication security and privacy over the Internet for applications such as websites, emails, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.

For a more detailed explanation go and read http://heartbleed.com/

How do i stop the leak?

You need to update to the latest version of OpenSSL and restart all services that use it.

How can i check if my server or a site i visit is still vulnerable

There are several sites where you can check, i recommend https://www.ssllabs.com/ssltest/index.html as it tests more than just the heartbleed bug.
There is also http://filippo.io/Heartbleed/

All my servers have been patched and the SSL certificates have been replaced.