
Heartbleed Bug – Computer Bug with a Name and a Logo

The Heartbleed bug is the hot topic right now. It is among the biggest security threats to the Internet; it has been around for two years but was discovered only recently. This computer bug has a name and a logo. It has affected millions of websites and, according to reports, there are ways to protect yourself from it.

We’ve put together the following blog to help you understand what the fuss is all about.

What is the Heartbleed bug?
The Heartbleed bug is a security flaw in OpenSSL that allows an attacker to read data from the memory of a system running it, which can include personal information such as passwords, usernames and credit card numbers. It allows theft of the information protected by the SSL/TLS encryption used to secure the Internet. The Internet’s secure web servers are believed to be vulnerable to the attack, which can result in theft of servers’ private keys and users’ session cookies and passwords. With the Heartbleed bug, anyone on the Internet can read the memory of systems protected by vulnerable versions of the OpenSSL software.


How vulnerable is it?
The Heartbleed bug is an extremely critical vulnerability in the software that allows millions of websites to encrypt communications with visitors. It can be used to steal usernames and passwords, as well as the private keys that sites use to encrypt sensitive data.

The versions of OpenSSL which are affected:

• OpenSSL 1.0.1 through 1.0.1f are vulnerable
• OpenSSL 1.0.1g, 1.0.0 branch and 0.9.8 branch are not vulnerable

The flaw can make it possible for hackers to steal encryption keys. Encryption keys are used to turn encrypted data into readable information.
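
An added example (not part of the original post): a check that classifies an OpenSSL version string or `openssl version` banner against the affected range listed above. The host names and banners are constructed sample data, and the function names are illustrative.

```python
import re

# Upstream version strings look like "1.0.1f", "0.9.8y" or "1.0.1e-fips",
# usually inside a banner such as "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, fix, patch_letters) from a version string or banner."""
    m = _VERSION_RE.search(text.lower())
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix, letters = m.groups()
    return int(major), int(minor), int(fix), letters


def is_heartbleed_affected(text):
    """True if the upstream version is in the range listed above:
    1.0.1 through 1.0.1f. 1.0.1g, the 1.0.0 branch and the 0.9.8 branch are not."""
    major, minor, fix, letters = parse_openssl_version(text)
    if (major, minor, fix) != (1, 0, 1):
        return False
    # "" is the base 1.0.1 release; single letters a..f are the affected patch levels.
    return letters == "" or (len(letters) == 1 and letters <= "f")


# Constructed sample inventory: host name -> output of `openssl version`.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn01": "OpenSSL 1.0.1 14 Mar 2012",
}


def hosts_to_patch(inventory):
    """Hosts whose banner falls in the affected range.
    A distribution package can carry a backported fix under an unchanged
    upstream version, so treat a match as "needs checking", not as proof."""
    return sorted(h for h, banner in inventory.items() if is_heartbleed_affected(banner))


if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the affected range")
```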

Are you affected by this bug?
According to the security firm Codenomicon, “You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many online services use TLS both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore, you might have client-side software on your computer that could expose the data from your computer if you connect to compromised services.”

What are companies doing to protect themselves from the Heartbleed bug?
According to security experts, the Heartbleed bug has cost businesses tons of millions in terms of lost productivity. They have to update systems with safe versions of OpenSSL. Although the majority of major sites have updated their services to a newer version of OpenSSL, it’s still a good idea to change the passwords of your email accounts, Internet banking and other vital accounts. There are still a handful of websites susceptible to the Heartbleed bug.