Heartbleed Bug: The bare facts, and the (mostly) simple solution.

Heartbleed is not a virus, but a software bug.

The Facts:

Heartbleed is an exploitable bug in the way that servers running OpenSSL with the heartbeat feature communicate securely with devices requesting information over the internet. The best simple description of Heartbleed that I’ve seen was done by Randall Munroe of XKCD.

Fixing Heartbleed is a two-step process. First, you patch the bug in the software; then you protect any potentially compromised information.

Who needs to patch their systems?

  • Workstations, laptops, tablets, and phones are mostly unaffected, with some exceptions: Android version 4.1.1 phones, Cisco VoIP desk phones, and some software products, including VPNs, VMware, Oracle.
  • Most servers will be fine; only servers using OpenSSL and the heartbeat feature should be affected.
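
A version triage for the "who needs to patch" list above, as an added example that is not part of the original post: it classifies the text printed by `openssl version -a`. The function name and verdict strings are hypothetical, the sample outputs are constructed, and the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) is an assumption taken from OpenSSL's public advisory rather than from this page.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output for Heartbleed triage.
# Assumption (not from the page): affected releases are 1.0.1 through 1.0.1f
# and 1.0.2-beta/-beta1, per OpenSSL's public advisory; 1.0.1g carries the fix.

heartbleed_triage() {
    # $1 = full text printed by `openssl version -a`
    info=$1
    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$info" | awk '$1 == "OpenSSL" { print $2; exit }')
    [ -n "$ver" ] || { echo "unknown"; return 0; }

    # Builds compiled without the heartbeat extension do not expose the bug.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo "heartbeat-disabled"; return 0 ;;
    esac

    # "affected-range" is a prompt to check, not proof: distributions often
    # backport the fix without changing the version string.
    case $ver in
        0.9.*|1.0.0*)               echo "branch-without-heartbeat" ;;
        1.0.1|1.0.1-*|1.0.1[a-f]*)  echo "affected-range" ;;
        1.0.2-beta|1.0.2-beta1)     echo "affected-range" ;;
        1.0.1[g-z]*)                echo "fixed-release" ;;
        1.0.2*|1.1.*|[3-9].*)       echo "fixed-release" ;;
        *)                          echo "unknown" ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Feb 11 12:00:00 UTC 2013
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -fPIC -O2'
SAMPLE_098='OpenSSL 0.9.8y 5 Feb 2013
compiler: gcc -fPIC -O2'

for s in "$SAMPLE_OLD" "$SAMPLE_NOHB" "$SAMPLE_FIXED" "$SAMPLE_098"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(heartbleed_triage "$s")"
done
```

On a real host, call `heartbleed_triage "$(openssl version -a)"` and confirm any `affected-range` result against the vendor's advisory for the installed package.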

If you think you are affected, or a vendor has sent you a notification that