Geeks With Blogs
Confessions of an Evangelist

Here's What You Need to Know About the 'Heartbleed' Bug That's Attacking Millions of WebsitesLooking at the news today I came across an article about how the latest exploit Heartbleed has the tech community in a frenzy. This is a flaw in OpenSSL which is used to encrypt data communications between a client and a server. The server software OpenSSL is used to create an encrypted channel designed to protect data going back and forth. Because Microsoft is a proprietary company (although it seems they’ve heard the Open Source clarion and is going that way), it builds and licenses software that it sells to customers for use in their systems. It has therefore developed its own SSL technology and does not depend on open projects like this one. Instead it uses its own technology called SChannel to encrypt traffic.

The question of whether Azure or other Microsoft Servers are affected can be answered by saying that if you’re using Microsoft’s servers and technologies you should be ok. If you are running a Linux VM in Azure then you are not running a Microsoft Server, you’re running Linux, and you need to check if that OS uses OpenSSL and if it needs to be patched. If you are running software on Windows that uses OpenSSL instead of SChannel then you may be vulnerable.

You can check if your site is vulnerable by using one of several test services available, including Qualys SSL Labs. More information on the vulnerability can be found on the CERT site (CERT is a division of the Software Engineering Institute SEI that focuses on providing information about software vulnerabilities) http://www.kb.cert.org/vuls/id/720951.

Posted on Thursday, April 10, 2014 7:42 AM | Back to top

Copyright © Mike Benkovich | Powered by: GeeksWithBlogs.net