View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Protection against dangerous Heartbleed bug available

About two thirds of websites could be affected.

By Duncan Macrae

Qualys, a provider of cloud security and compliance solutions, has announced that its Qualys SSL Labs service detects the OpenSSL vulnerability disclosed as ‘HeartBleed’ (CVE-2014-0160).

The serious vulnerability was discovered in the open-source encryption software used in many of the world’s websites that could allow attackers to steal a variety of information unnoticed.

The ‘Heartbleed’ bug potentially allows access to the memory of systems that currently run one of several vulnerable versions of the OpenSSL cryptographic software library.

Administrators responsible for the security of websites can access the free tool at, enter a URL and find out on whether their site is vulnerable to the new threat, as well as get information about the overall health of the site’s SSL implementation. Qualys reports that traffic to the SSL Labs site has grown by an order of magnitude since the new vulnerability was announced recently.

For QualysGuard customers the HeartBleed issue also is detectable by the QualysGuard Vulnerability Management (VM) cloud service as QID 42430. This means that Qualys customers can get reports detailing their enterprise-wide exposure whenever they next scan their assets, which allows them to efficiently remediate the issue.

Ivan Ristic, director of engineering at Qualys and renowned SSL technology expert, said: "The HeartBleed vulnerability is easy to exploit and there are already many proof-of-concept tools available that one can use in minutes.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"After a successful attack, the attacker can obtain a large chunk of server memory, which can contain server private keys, session keys, passwords and other sensitive data. IT administrators need to map their exposure and install the patched version wherever necessary."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.