ThunderNews has patched all SSL encryption channels and users are not at risk of the Heartbleed vulnerability.
The recently discovered security weakness allows evildoers to steal the information that is normally protected by the SSL/TLS encryption used to secure communication over the Internet.
It’s a serious flaw; OpenSSL is the standard library for driving SSL and TLS encryption in a variety of software packages and information appliances; Apache and nginx, two of the most popular server packages around accounting for an estimated 66 per cent of all web servers, use OpenSSL; the library is also commonly used in other encrypted systems such as virtual private network (VPN) appliances, point-of-sale (PoS) systems and messaging servers.
The Heartbleed Bug works by exploiting the heartbeat extension of the Transport Security Layer (TLS) protocol; attackers are able to read unlimited system memory in 64KB chunks, with exploitation leaving no trace on the system. These memory chunks can be reassembled and analysed to gather usernames, passwords, encryption keys, and other privileged information which should not be exposed to the public.
It’s advised that Thundernews Members change their passwords for online services, especially email services such as gmail, yahoo, social networks such as facebook, twitter, any banking or investment sites and any other site that has used the OpenSSL library.
