What is this 'Heartbleed' everyone is suddenly talking about? I won't blame you if you're as clueless as I was when I first heard about it. The term suddenly exploded as if out of nowhere, and had me thinking; meh, it's probably another messaging app that someone has discovered a bug with. But no. Heartbleed is a major security bug that was discovered Codenomicon, a software security firm, and a member of Google's security team. It is a serious security threat that has the potential to expose users' private information, including passwords, financial details and instant messages, among other things. So if security is one of your concerns, you need to read this!
The Heartbleed Bug
The Heartbleed bug is a vulnerability in the OpenSSL security used by millions of websites on the web These include websites for e-commerce, online shopping stores, banks, email providers, and so on - places where a security breach can hurt you most.
How does it work?
The bug leaves open a hole that allows hackers to get in and around the encryption between you and the site. This means that the information stored on the servers, and passed between you, could be stolen! This information can include username/password combinations, personal details and addresses, credit card information, and so on! According to the guys at Codenomicon:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Here's a nice little comic that's been going around the internet demonstrating the workings of the bug.
The bug, as demonstrated is dangerous yet very simple, which explains why it had never been identified before. It's a loophole in code, and not an attack or a virus that you can defend against.
Will it effect me?
Obviously! The bug has affected all websites and services running on OpenSSL. These include Facebook, Pinterest, Instagram, Tumblr, Google, Yahoo, Amazon, GoDaddy, GitHub, and Dropbox to name just a few. Many of these websites have already addressed the vulnerability with a patch.
But there isn't much you can do on your part to improve your personal security. Changing passwords won't help you much at this point, but you can go ahead and do it anyway. It is advisable to lay off any online purchases you want to make until the dust settles down.
Furthermore, you can use the Heartbleed Bug checker to see whether the website you are visiting has addressed their vulnerability or not. You can also use LastPass’s SSL date checker to see if the server of the website has updated its SSL certificate recently.
Additionally, if you run your own website, the best thing you can do is update your OpenSSL immediately! Many good web hosting companies will do this for you.
Got any questions to ask? You know where to ask 'em. Cheers :)
If you don't want to get yourself into Serious Technical Trouble while editing your Blog Template then just sit back and relax and let us do the Job for you at a fairly reasonable cost. Submit your order details by Clicking Here »