OpenSSL: Are you patched?
We all heard and read news about the “Heartbleed” bug in OpenSSL on various websites. A common misperception is that the Heartbleed only affects “secure” web servers, and most websites have already been patched. Without many of us even being informed, this bug also affects our personal devices, including networking devices, home automation systems, smart phones, mobile apps, etc.
When the vendors of the majority of affected devices, services and apps will address this vulnerability is not known. Due to a wide number of devices and services that rely on OpenSSL, it is likely that not all of them will ever be patched. OpenSSL developers have now also received flak for the buggy codebase that is “beyond a fix”.