As a developer, do I have to take any action regarding Heartbleed? Being a problem in OpenSSL, I believe it is more within the scope of webmasters, server administrators, etc. But I'm not sure if that's all it is (update OpenSSL and exchange all certificates and passwords) or if you have any more specific actions to take, or some detail we would have to pay attention to.
Contextualizing, for those who are not aware of the problem: a bug in OpenSSL was recently identified that allowed the attacker to access arbitrary memory regions on the server, all without the need for authentication and without leaving a trace. Certificates, private keys, passwords, personal data, nothing would be safe. It is being described as "the worst security breach in the history of the Internet", "on a scale of 1 to 10, that's an 11", etc. On the site security.SE, the tag heartbleed, created yesterday (2014-04-08), already has almost 50 questions. All this already gives an idea of the dimensions of this vulnerability, and why it deserves special attention at this time.
Since no one has answered, I'll at least comment on my point of view. From what I read about the bug, no specific action is required from the developer, but rather from the network or service infrastructure administrator. However, the information must be known to all those affected by the failure in a business (in this case, up to the president), who must demand immediate correction. In fact, in many cases it will be the developer himself who solves the problem, if he is the type of professional who wears several hats at work and has the necessary permissions.
– utluiz
Best "visual explanation" for bug: http://xkcd.com/1354/
– Luiz Vieira
Curiosity: Heartbleed may not, in fact, allow access to private keys.
– Guilherme Agostinelli
@Guilhermeagostinelli: depending on whether you use Apache, nginx... In general, for safety, it is better to err on the side of caution.
– woliveirajr
Related: What should a website?, Is Stack Exchange safe from Heartbleed? and What versions of OS X are affected by Heartbleed?
– brasofilo