What is this 'Heartbleed' everyone is suddenly talking about? The term suddenly exploded as if out of nowhere, and had me thinking:
meh, it's probably another messaging app that someone has discovered a
bug with.
Heartbleed is a major security bug that was discovered by
Codenomicon, a software security firm, and a member of Google's
security team. It is a serious security threat that has the potential to
expose users' private information, including passwords, financial
details and instant messages, among other things.
The Heartbleed Bug
The Heartbleed Bug is a serious vulnerability in the
popular OpenSSL cryptographic software library. This weakness allows
stealing the information protected, under normal conditions, by the
SSL/TLS encryption used to secure the Internet. SSL/TLS provides
communication security and privacy over the Internet for applications
such as web, email, instant messaging (IM) and some virtual private
networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
How does it work?
The bug leaves open a hole that allows hackers to get in and around the
encryption between you and the site. This means that the information
stored on the servers, and passed between you, could be stolen! This
information can include username/password combinations, personal details
and addresses, credit card information, and so on! According to the
guys at Codenomicon:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
The bug, as demonstrated, is dangerous yet very simple, which explains
why it had never been identified before. It's a loophole in code, and
not an attack or a virus that you can defend against.
Will it affect me?
Obviously! The bug has affected all websites and services running on
OpenSSL. These include Facebook, Pinterest, Instagram, Tumblr, Google,
Yahoo, Amazon, GoDaddy, GitHub, and Dropbox to name just a few. Many of
these websites have already addressed the vulnerability with a patch.
But there isn't much you can do on your part to improve your personal
security. Changing passwords won't help you much at this point, but you
can go ahead and do it anyway. It is advisable to lay off any online
purchases you want to make until the dust settles down.
Furthermore, you can use the Heartbleed Bug checker to see whether the
website you are visiting has addressed their vulnerability or not. You
can also use LastPass’s SSL date checker to see if the server of the
website has updated its SSL certificate recently.
Additionally, if you run your own website, the best thing you can do is
update your OpenSSL immediately! Many good web hosting companies will do
this for you.
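The certificate date check mentioned above only tells part of the story: because the bug exposes the server's secret key, a certificate reissued with the same key pair is still at risk. The following is an added example, not code from the original post or from any of the tools it names; it assumes certificate details shaped like Python's `getpeercert()` output plus a hypothetical `key_sha256` fingerprint field, and all hosts, dates and fingerprints are constructed.

```python
import ssl
from datetime import datetime, timezone


def issued_at(cert):
    """notBefore of a getpeercert()-style dict as an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def assess(before, after, cutoff):
    """Compare two observations of one host's certificate.

    'key_sha256' is a hypothetical field: a fingerprint of the certificate's
    public key, recorded by whatever tool captured the certificate.
    """
    if issued_at(after) < cutoff:
        return "not-reissued"        # certificate predates the patch
    if after["key_sha256"] == before["key_sha256"]:
        return "reissued-same-key"   # new dates, but the exposed key is still in use
    return "reissued-new-key"        # new certificate and new key pair


def report(observations, cutoff):
    """Map each host to its status; observations is {host: (before, after)}."""
    return {host: assess(b, a, cutoff) for host, (b, a) in observations.items()}


# Constructed sample data: hosts, dates and fingerprints are made up.
CUTOFF = datetime(2014, 4, 8, tzinfo=timezone.utc)  # assumed patch date
OLD = {"notBefore": "Jan 15 00:00:00 2014 GMT", "key_sha256": "constructed-key-A"}
SAMPLE = {
    "a.example": (OLD, OLD),
    "b.example": (OLD, {"notBefore": "Apr 10 00:00:00 2014 GMT",
                        "key_sha256": "constructed-key-A"}),
    "c.example": (OLD, {"notBefore": "Apr 11 12:00:00 2014 GMT",
                        "key_sha256": "constructed-key-B"}),
}

if __name__ == "__main__":
    for host, status in report(SAMPLE, CUTOFF).items():
        print(f"{host}: {status}")
```

Only the "reissued-new-key" result means both the certificate and the key pair were replaced after the patch date.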
Culled From>> MBT
Image Source>> http://heartbleed.com/