{"id":414,"date":"2014-04-10T04:11:44","date_gmt":"2014-04-10T04:11:44","guid":{"rendered":"http:\/\/www.encoders.co.in\/blog\/?p=414"},"modified":"2025-04-29T14:57:00","modified_gmt":"2025-04-29T09:27:00","slug":"heartbleed-the-new-terror","status":"publish","type":"post","link":"https:\/\/www.encoders.co.in\/blog\/seo\/heartbleed-the-new-terror","title":{"rendered":"“Heartbleed” The New Terror"},"content":{"rendered":"

The Heartbleed<\/strong><\/h2>\n

Security researchers have discovered a serious vulnerability in OpenSSL, the cryptographic software library that encrypts and protects many web sites data.<\/p>\n

The Heartbleed bug \u2013 so called because it exploits a failure in an extension called heartbeat \u2013 not only lets attackers read the confidential encrypted data; it also allows them to take the encryption keys used to secure the data. That means that even servers which fix the bug, using a patch supplied by OpenSSL, must also update all their keys or risk remaining vulnerable.<\/p>\n

What it do?<\/strong><\/p>\n

Heartbeat allows a connected Web client or application\"heart-bleed\"<\/a> to send messages to keep a connection active during a transfer of data. When a Heartbeat message is received, the server usually simply echoes back what it got to the sender.<\/p>\n

To Secure Your Server Against the Heartbleed Vulnerability<\/strong><\/p>\n

    \n
  1. Edit the file\u00a0\/etc\/yum.repos.d\/CentOS-Base.repo<\/code>, and change the following highlighted lines:\n
    #released updates<\/span>\r\n[updates]<\/span>\r\nname=CentOS-$releasever - Updates<\/span>\r\nmirrorlist=http:\/\/s2plmirror01.prod.sdl2.secureserver.net\/download\/mirrors\/cos-$releasever-updates.$basearch<\/span>\r\nfailovermethod=priority<\/span>\r\n#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\/<\/span>\r\ngpgcheck=1<\/span>\r\ngpgkey=file:\/\/\/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-CentOS-5<\/span><\/pre>\n
    to<\/p>\n
    #released updates<\/span>\r\n[updates]<\/span>\r\nname=CentOS-$releasever - Updates<\/span>\r\n#mirrorlist=http:\/\/s2plmirror01.prod.sdl2.secureserver.net\/download\/mirrors\/cos-$releasever-updates.$basearch<\/span>\r\nfailovermethod=priority<\/span>\r\nbaseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\/<\/span>\r\ngpgcheck=1<\/span>\r\ngpgkey=file:\/\/\/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-CentOS-5<\/span><\/pre>\n<\/li>\n
  2. Clean the yum repositories on the server by running the following command:\n
    yum clean all<\/span><\/pre>\n<\/li>\n
  3. Update OpenSSL on the server by running the following command:\n
    yum update openssl<\/span><\/pre>\n
    This installs version openssl-1.0.1e-16.el6_5.7.<\/li>\n
  4. Confirm the update was installed successfully by running the following command:\n
    openssl version -a<\/span><\/pre>\n
    The output will display the following:<\/p>\n
    'built on: Tue Apr 8 02:39:29 UTC 2014'<\/span><\/pre>\n
    Additionally the fix can be confirmed that it is in place by running the following command:<\/p>\n
    rpm -q --changelog openssl | head<\/span><\/pre>\n
    The first few lines will show the following:<\/p>\n
    'fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'<\/span><\/pre>\n<\/li>\n
  5. Restart Apache or any other web server which is currently installed on the server, this will allow the new version of Open SSL to be used.<\/li>\n
  6. Edit the file\u00a0\/etc\/yum.repos.d\/CentOS-Base.repo<\/code>, and change the following highlighted lines to revert it to the original version:\n
    #released updates<\/span>\r\n[updates]<\/span>\r\nname=CentOS-$releasever - Updates<\/span>\r\n#mirrorlist=http:\/\/s2plmirror01.prod.sdl2.secureserver.net\/download\/mirrors\/cos-$releasever-updates.$basearch<\/span>\r\nfailovermethod=priority<\/span>\r\nbaseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\/<\/span>\r\ngpgcheck=1<\/span>\r\ngpgkey=file:\/\/\/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-CentOS-5<\/span><\/pre>\n
    to<\/p>\n
    #released updates<\/span>\r\n[updates]<\/span>\r\nname=CentOS-$releasever - Updates<\/span>\r\nmirrorlist=http:\/\/s2plmirror01.prod.sdl2.secureserver.net\/download\/mirrors\/cos-$releasever-updates.$basearch<\/span>\r\nfailovermethod=priority<\/span>\r\n#baseurl=http:\/\/mirror.centos.org\/centos\/$releasever\/updates\/$basearch\/<\/span>\r\ngpgcheck=1<\/span>\r\ngpgkey=file:\/\/\/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-CentOS-5\r\n\r\n<\/span><\/pre>\n<\/li>\n
  7. Re-key any SSLs your server uses.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
    The Heartbleed Security researchers have discovered a serious vulnerability in OpenSSL, the cryptographic software library that encrypts and protects many […]<\/p>\n","protected":false},"author":1,"featured_media":1586,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-414","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seo"],"_links":{"self":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/comments?post=414"}],"version-history":[{"count":3,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/414\/revisions"}],"predecessor-version":[{"id":419,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/posts\/414\/revisions\/419"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/media\/1586"}],"wp:attachment":[{"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/media?parent=414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/categories?post=414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.encoders.co.in\/blog\/wp-json\/wp\/v2\/tags?post=414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}