On Monday, OpenSSL, an open source toolkit implementing SSL v2/v3 and TLS v1 protocols has announced a new vulnerability that could be used to reveal up to 64Kb of memory to a connected client or server. Open says that missing bounds check in the handling of the TLS heartbeat extension, thus Heartbleed security bug is born.

OpenSSL users are encouraged to upgrade to versio 1.0.1g to be protected from this vulnerability. The bug fix provides an example disclosure policy. It helps to keep the internet safe by notifying the appropriate stakeholders of the problem and giving them a chance to fix the vulnerability before it goes public.

Read the rest of the news here: https://heartbleed.com/