We patched OpenSSL on the Unseen.is site this morning for the Heartbeat (Heartbleed) security vulnerability. There haven’t been any reported issues, though the original report of what can be done with this vulnerability is potentially serious. Here’s a rundown of the things that were broken with this bug, which affected about 2/3 of the internet:
When the bug is exploited, the attacker can retrieve memory (up to 64kb) from the remote system. This memory may contain usernames, passwords, keys or other useful information that enables bigger attacks. An attacker may, for example, be able to retrieve the keys and secrets used to encrypt traffic and then intercept and read the communications of all other users of that service. There are all kinds of variations that might be possible based on the ability to read this memory. 64kb may not seem like a great deal of data, but of course the attacker can connect repeatedly and progressively collect more information. This is a serious problem indeed.
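
To make the memory over-read concrete, here is an added example (not from the original post, and not OpenSSL's code) that models a heartbeat handler echoing back as many bytes as the peer declares, beside a version that checks the declared length against the bytes actually received. The struct layout, function names and sample data are constructed for illustration; the 16-bit length field is why a single response tops out at 64 KB.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified heartbeat request (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16).
 * Every name and the memory layout below are constructed for illustration. */
#define HB_HEADER 3u
#define HB_MIN_PADDING 16u

struct arena {                /* constructed stand-in for process memory */
    uint8_t record[32];       /* bytes actually received from the peer */
    char    neighbor[32];     /* whatever happens to sit next to the record */
};

/* Builds a request with a 4-byte payload that declares `claimed` bytes; returns bytes received. */
size_t make_request(struct arena *a, uint16_t claimed) {
    memset(a, 0, sizeof *a);
    a->record[0] = 1;                          /* heartbeat_request */
    a->record[1] = (uint8_t)(claimed >> 8);    /* declared length, big-endian */
    a->record[2] = (uint8_t)(claimed & 0xff);
    memcpy(a->record + HB_HEADER, "ping", 4);
    strcpy(a->neighbor, "SESSION-KEY-PLACEHOLDER");
    return HB_HEADER + 4 + HB_MIN_PADDING;
}

/* Flawed: echoes as many bytes as the peer declared, ignoring record_len. */
size_t respond_unchecked(const struct arena *a, size_t record_len, uint8_t *out) {
    (void)record_len;
    size_t claimed = ((size_t)a->record[1] << 8) | a->record[2];
    if (claimed > sizeof *a - HB_HEADER) claimed = sizeof *a - HB_HEADER; /* model only */
    memcpy(out, (const uint8_t *)a + HB_HEADER, claimed);
    return claimed;
}

/* Hardened: the declared length must fit inside what was received, else drop silently. */
size_t respond_checked(const struct arena *a, size_t record_len, uint8_t *out) {
    if (record_len > sizeof a->record || record_len < HB_HEADER + HB_MIN_PADDING) return 0;
    size_t claimed = ((size_t)a->record[1] << 8) | a->record[2];
    if (HB_HEADER + claimed + HB_MIN_PADDING > record_len) return 0;
    memcpy(out, a->record + HB_HEADER, claimed);
    return claimed;
}

int main(void) {
    struct arena a; uint8_t out[sizeof a];
    size_t len = make_request(&a, 48);         /* 23 bytes received, 48 declared */
    printf("unchecked echoed %zu bytes\n", respond_unchecked(&a, len, out));
    printf("checked echoed %zu bytes\n", respond_checked(&a, len, out));
    return 0;
}
```

In the unchecked path the response contains the placeholder from the neighbouring buffer; in the checked path the mismatched request is dropped and nothing is echoed.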