Test your server for Heartbleed (CVE-2014-0160):
BBC News:
The bug in OpenSSL was discovered by researchers working for Google and security firm Codenomicon.
In a blog entry about their findings the researchers said the "serious vulnerability" allowed anyone to read chunks of memory in servers supposedly protected with the flawed version of OpenSSL. Via this route, attackers could get at the secret keys used to scramble data as it passes between a server and its users.
"This allows attackers to eavesdrop [on] communications, steal data directly from the services and users and to impersonate services and users," wrote the team that discovered the vulnerability. They called it the "heartbleed" bug because it occurs in the heartbeat extension for OpenSSL.
The bug has been present in versions of OpenSSL that have been available for over two years. The latest version of OpenSSL released on 7 April is no longer vulnerable to the bug.
'via Blog this'
