# Heartbleed Bug - Don't panic



## Slackrat (Apr 30, 2013)

The latest Google Android disaster is known as the "Heartbleed Bug" (although the Android OS is not the only vulnerable system or application).











But beware, most of the sites you may visit for information on this problem are overstating it in the hope of selling you a solution. Many are little better than outright SCAMS.

Insofar as your portable telephone and/or tablet devices are concerned:

Firstly, only Android version 4.1.1 is vulnerable to this OpenSSH problem.

Secondly, an attack is unbelievably difficult to set up - believe me; I tried it.

Thirdly, even having launched an attack, the probability of success is very low.

Why the name "Heartbleed"?
OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in their implementation of the TLS/DTLS heartbeat functionality (RFC 6520, https://tools.ietf.org/html/rfc6520). This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL libssl library in chunks of up to 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to increase the chances that a leaked chunk contains the intended secrets.


----------

