Questions on Heartbleed
#1

[eluser]Unknown[/eluser]
Lately we built a Chrome extension called Ballloon, which enables people to save any files on webpages they need directly and quickly to Dropbox or Google Drive. To guarantee the users' account safety, we chose to go HTTPS, while what makes us uptight is that there's a huge and severe bug living with OpenSSL, Heartbleed. We are grateful to anyone who answers my questions below:
1. How does Heartbleed work?
2. What can we do to avoid Heartbleed bug?
3. Should extensions like Ballloon keep free from Heartbleed, if yes, how?

Thanks
#2

[eluser]boltsabre[/eluser]
1. Very simply, and I could be a little wrong, Heartbleed allowed people to view OpenSSL data that was living in server RAM unencrypted.
2. Nothing as far as being website / extension / plugin developers, it's a server side problem. There is a patch that they should run that fixes this problem. You can check online (you'll have to google it, I don't have the URL) if the servers that you connect to (Dropbox / Drive) are safe from Heartbleed.
3. Sure... if you check the servers that you connect to and find out that they are NOT safe from Heartbleed it would be a VERY good idea to let your users know that. Would also be a good idea to drop the website in question an email too, let them know.

Edit:
Regarding question two. You should check if YOUR website (not sure about Chrome extensions, never made one) server has been patched. Just contact your server provider, they will let you know what the status is regarding Heartbleed.
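
An added illustration for question 1, not part of either post and not OpenSSL's own code: Heartbleed came from a TLS heartbeat handler that trusted the payload length claimed inside the request instead of the number of bytes actually received, so the reply could include adjacent server memory. The C example below shows the bounds check a patched server applies (following the heartbeat format in RFC 6520); the function names and both sample records are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1   /* heartbeat_request message type */
#define HB_HEADER  3   /* 1-byte type + 2-byte payload_length */
#define HB_PADDING 16  /* minimum trailing padding */

/* Copy the heartbeat payload that should be echoed back into out.
 * Returns the payload size, or -1 if the record must be silently discarded. */
int hb_safe_echo(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The check whose absence was Heartbleed: the claimed payload length
     * must fit inside the bytes that were really received. */
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return -1;
    if (claimed > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* Constructed record: claims 5 payload bytes and carries 5 plus padding. */
int demo_honest(void)
{
    uint8_t rec[24] = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    uint8_t out[64];
    int n = hb_safe_echo(rec, sizeof rec, out, sizeof out);
    return (n == 5 && memcmp(out, "hello", 5) == 0) ? n : -2;
}

/* Constructed record: the same 24 bytes on the wire, but it claims 64. */
int demo_overclaim(void)
{
    uint8_t rec[24] = {HB_REQUEST, 0x00, 0x40, 'h', 'e', 'l', 'l', 'o'};
    uint8_t out[64];
    return hb_safe_echo(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("honest: %d, overclaim: %d\n", demo_honest(), demo_overclaim());
    return 0;
}
```

Without the length comparison, the `memcpy` for the second record would read 64 bytes starting inside a 24-byte buffer, which is the over-read the server-side patch removes.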



