Everything You Need To Know About Heartbleed Bug In Two Minutes
The Internet is haunted by yet another security threat, a bug named Heartbleed. This bug has already affected two thirds of active websites around the world, including big names like Yahoo and Amazon. Heartbleed is a bug in OpenSSL, so you have to understand OpenSSL to understand Heartbleed. OpenSSL is a protocol that is used to safeguard the transactions you make online. Websites use OpenSSL for encryption, the "https" that encrypts data and safeguards it from prying eyes. OpenSSL had a leak, and that's why researchers at Google and Codenomicon named it Heartbleed.
Heartbleed has its very own website
Unlike other security threats, this one was not revealed on any of the research sites; instead, users came to know about it through heartbleed.com, a website dedicated to this bug. The website belongs to Codenomicon, a company in Finland, and has all the information about the bug along with an apt logo, a bleeding red heart, making it one of the coolest logos for any virus or bug so far.
It is surprising that researchers have found that this bug has been there since 2012, but no one had the slightest idea about it until now. If a website uses a vulnerable version of OpenSSL, an attacker can get the server to spill out its secret keys. That will allow them to read the memory of systems that were encrypted. In other words, all the sensitive information like your username, password, credit card number, etc. will be accessible to the attacker.
One of the reasons why everyone is so worked up is that the bug has been there for almost two years, so plenty of websites might not have known about it until now. Secondly, it steals chunks of information from the server and not from an individual system, which means millions of people are affected. Other than that, web servers like Apache and Nginx, which power more than 50% of websites worldwide, are affected. Everything from e-mail servers to chat servers and virtual private networks uses OpenSSL. Smaller sites will be affected the most, as most of them have upgraded to the latest encryption that has been affected. Hence OpenSSL 0.9.8 to 1.0.1g are not vulnerable but OpenSSL 1.0.1 through 1.0.1f are vulnerable.
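As an added example (not part of the original article), the version list above can be turned into an inventory check that classifies `openssl version` banners. The function names and the sample inventory are constructed for illustration.

```python
import re

# Vulnerable range as stated in the article: OpenSSL 1.0.1 through 1.0.1f.
# 1.0.1g and the 0.9.8 branch are listed there as not vulnerable.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_openssl_version(text):
    """Extract (major, minor, fix, letter) from a banner such as the
    output of `openssl version`. Returns None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter

def heartbleed_status(text):
    """Classify a banner against the article's version list."""
    v = parse_openssl_version(text)
    if v is None:
        return "unknown"
    major, minor, fix, letter = v
    if (major, minor, fix) != (1, 0, 1):
        return "not in vulnerable range"
    # Patch letters sort alphabetically: "" (plain 1.0.1) < "a" < ... < "f" < "g".
    return "vulnerable" if letter <= "f" else "not in vulnerable range"

def hosts_to_patch(inventory):
    """Return the hosts whose reported banner falls in the vulnerable range."""
    return sorted(h for h, banner in inventory.items()
                  if heartbleed_status(banner) == "vulnerable")

# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn-01": "OpenSSL 1.0.1 14 Mar 2012",
    "chat-01": "version string unavailable",
}

if __name__ == "__main__":
    for host in hosts_to_patch(SAMPLE_INVENTORY):
        print(f"{host}: upgrade OpenSSL and replace keys and certificates")
```

A banner in the vulnerable range is a reason to check the package changelog, not proof by itself: distributions often backport the fix without changing the version letter.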
What are websites doing to safeguard their users?
There is nothing users can do apart from changing their passwords, but that should only be done once the website announces that it is safe to use. Companies that are running OpenSSL are trying their best to protect their websites from this threat. Yahoo has advised users not to use its service until it has updated its sites. This is pretty much the approach other companies have to take: they have to update their servers.