by

Nitin

10 Apr 2014, 10:00 pm

about the author

He loves to write and has a passion for technology. He combines his talent and passion to create amazing write-ups. Technology keeps evolving and he loves to keep himself updated. According to him “Just knowing is not enough, you have to go to the core of things to understand them.” He enjoys traveling, photography and socializing.

About Nitin

Everything You Need To Know About Heartbleed Bug In Two Minutes

Heartbleed Bug

The Internet is haunted by yet another security threat, a bug named Heartbleed. This bug has already affected two thirds of active websites around the world, including big names like Yahoo and Amazon. Heartbleed is a bug in OpenSSL, so you have to understand OpenSSL to understand Heartbleed. OpenSSL is a protocol that is used to safeguard the transactions you make online. Websites use OpenSSL for the encryption behind https, which encrypts the data and safeguards it from any spying eyes. This OpenSSL had a leak, and that's why researchers at Google and Codenomicon named it Heartbleed.

Heartbleed has its very own website

Unlike other security threats, this one was not revealed on any of the research sites; instead, users came to know about it through a website called heartbleed.com that is dedicated to this bug. The website belongs to a company named Codenomicon in Finland and has all the information about this bug, along with a logo that is apt for it: a red heart sign bleeding, making it one of the coolest logos for any virus or bug so far.

The Threat

It is surprising that researchers have found that this bug has been there since 2012, but no one had the slightest idea about it until now. If a website uses a version of OpenSSL that has this bug, the attacker can get the server to spill out its secret keys. That will allow them to read the memory of systems that were encrypted. In other words, all the sensitive information like your username, password, credit card number etc. will be accessible to the attacker.

One of the reasons why everyone is so worked up is that it has been there for almost two years, so plenty of websites might not have known about it until now. Secondly, it steals chunks of information from the server and not from an individual system, which means millions of people are affected. Other than that, web servers like Apache and Nginx, which power more than 50% of websites worldwide, are affected. E-mail servers, chat servers and virtual private networks all use OpenSSL. Smaller sites will be affected the most, as most of them have upgraded to the latest encryption that has been affected. Hence OpenSSL 0.9.8 and 1.0.1g are not vulnerable, but OpenSSL 1.0.1 through 1.0.1f are vulnerable.
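For administrators, the version range above can be turned into a first-pass inventory check. The following is an added example, not code from the original article or from the OpenSSL project; the host names and the `host: banner` inventory format are assumptions, and the sample lines are constructed.

```python
import re

# Vulnerable range as stated in the article: OpenSSL 1.0.1 through 1.0.1f.
VULNERABLE_BRANCH = (1, 0, 1)
LAST_VULNERABLE_LETTER = "f"

# Matches the version token in `openssl version` output,
# e.g. "OpenSSL 1.0.1e 11 Feb 2013".
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def classify(banner):
    """Return 'in-range', 'out-of-range' or 'unparsed' for one version banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    branch = tuple(int(g) for g in m.group(1, 2, 3))
    letter = m.group(4)  # "" for the base release, a letter for patch releases
    if branch == VULNERABLE_BRANCH and letter <= LAST_VULNERABLE_LETTER:
        return "in-range"
    return "out-of-range"


def flag_hosts(inventory):
    """Map each 'host: banner' line to its classification."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition(":")
        results[host.strip()] = classify(banner)
    return results


# Constructed inventory (hypothetical host names), one banner per host.
SAMPLE_INVENTORY = """
web01: OpenSSL 1.0.1e 11 Feb 2013
web02: OpenSSL 1.0.1g 7 Apr 2014
mail01: OpenSSL 0.9.8y 5 Feb 2013
vpn01: OpenSSL 1.0.1 14 Mar 2012
chat01: OpenSSL 1.0.1f 6 Jan 2014
build01: openssl: command not found
"""

if __name__ == "__main__":
    for host, status in sorted(flag_hosts(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {status}")
```

A version banner is only a first pass: distribution packages can carry the fix without changing the upstream version letter, so confirm an "in-range" result against the vendor's advisory before treating the host as exposed.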

What are websites doing to safeguard their users?

There is nothing users can do apart from changing their passwords, but that should only be done once the website announces that it is safe to use. Companies that are running OpenSSL are trying their best to protect their websites from this threat. Yahoo has advised users not to use its service until it has updated its sites. This is pretty much the approach other companies have to take: they have to update their servers.
