Canadian Information Site for the
OpenSSL heartbeat vulnerability
(actively monitoring the issue since April 7, 2014)
Recent News: Are 300,000 servers still vulnerable? Industry faces renewed concerns over the vast exploitation that could have taken place during the second month in which less than 3% of vulnerable servers were patched. [errata blog]
> are government computers mostly harmless at this point?
The Other Thing: Just when we thought the worst of Heartbleed was over, the OpenSSL Foundation released OpenSSL Security Advisory [05 Jun 2014] indicating that a newly-discovered flaw in OpenSSL can enable man-in-the-middle attacks where the attacker can decrypt and modify traffic from the attacked client and server [info] [FAQ] [summary] [patch info]
> News & trending links continue to be autoupdated live.
Older News: silly implementation mistakes, hundreds of thousands of servers still vulnerable, including government departments and agencies.
Most sites have by now been patched against Heartbleed, but a "reverse Heartbleed" vulnerability still affects Android 4.1.1 and numerous other devices and mobile apps.
> Find the best Heartbleed tools (including Reverse Heartbleed) here.
Remember when this was news?:
> are government computers mostly harmless at this point?
The Other Thing: Just when we thought the worst of Heartbleed was over, the OpenSSL Foundation released OpenSSL Security Advisory [05 Jun 2014] indicating that a newly-discovered flaw in OpenSSL can enable man-in-the-middle attacks where the attacker can decrypt and modify traffic from the attacked client and server [info] [FAQ] [summary] [patch info]
> News & trending links continue to be autoupdated live.
Older News: silly implementation mistakes, hundreds of thousands of servers still vulnerable, including government departments and agencies.
Most sites have by now been patched against Heartbleed, but a "reverse Heartbleed" vulnerability still affects Android 4.1.1 and numerous other devices and mobile apps.
> Find the best Heartbleed tools (including Reverse Heartbleed) here.
Remember when this was news?:
- That the NSA buys zero-day exploits from mercenary hackers is old news. But are they sitting on any Heartbleed-size whoppers?
- CRA website again open for business, extents tax filing deadline but 900 social insurance numbers did get stolen!
- NSA denies ever taking advantage of Heartbleed bug
- Canadian banks have an opportunity to boost security for online banking
- Hardware companies scrambling to patch Heartbleed
- Are any Canadian companies are still vulnerable to the OpenSSL bug?
The OpenSSL heartbeat bug ("Heartbleed") has been described as "catastrophic".
What exactly does that mean?
That depends on whether you are a user or have a website that uses encryption.
Heartbleed.ca separates the wheat from the chaff for you, staying
updated as more information becomes available from trusted sources.
Either way, don't panic...
There are far worse things to worry about than a software bug.
For starters, here's
What exactly does that mean?
That depends on whether you are a user or have a website that uses encryption.
Heartbleed.ca separates the wheat from the chaff for you, staying
updated as more information becomes available from trusted sources.
Either way, don't panic...
There are far worse things to worry about than a software bug.
For starters, here's
Where do you want to go from here? For trending, real-time news, click the Twitter button at the top of this page. Enjoy the links and the info pages: for users | for businesses.
