What to know about the Heartbleed Bug?
The Heartbleed Bug is a critical vulnerability in the popular OpenSSL cryptographic software library. It allows the theft of information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides security and privacy for communication over applications such as web, IM, VPNs, email and more. The bug lets anyone on the Internet read the memory of systems protected by the vulnerable versions of OpenSSL. This compromises the secret keys used to identify the service providers and to encrypt the traffic, as well as user account details and the content itself. It lets intruders eavesdrop on communications, steal data from the services and users, and impersonate them.
The Heartbleed bug is a hole in the software that turns the personal information handled by most websites into strings of numbers and letters. If you see a padlock icon in your browser’s address bar, the website is using encryption software that may be affected by this bug. According to Matthew Prince, the CEO of Cloudflare, “this is the worst bug the Internet has ever seen”. For more than two years, Heartbleed let outsiders get at personal information that was supposedly secured against intruders. The bug sits in the “heartbeat extension”, a feature computers use to check whether the other end of a connection is still online. A malicious heartbeat signal can force a computer to disclose private information held in its memory. The Heartbleed Bug can reveal user account details such as usernames and passwords. It also compromises the session keys that keep a user logged in to a website, which lets intruders impersonate the user without needing any password. It can also let attackers pose as a real website and deceive users into handing over their personal details. Worst of all, the bug leaves no traces, so you will never know when or whether you have been attacked.
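How a heartbeat request can make a server hand back memory it should not, shown as an added example that is not code from this article or from OpenSSL. It goes beyond the text by modelling the message layout from RFC 6520 (type byte, two-byte claimed length, payload, at least 16 bytes of padding); the arena, the secret string and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 128
#define HB_HEADER 3u    /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16u  /* minimum padding required by RFC 6520 */

/* Constructed stand-in for process memory: record first, a secret behind it. */
static unsigned char arena[ARENA_SIZE];

/* Place a heartbeat request and a constructed secret into the arena. */
static size_t load_request(const char *payload, unsigned claimed_len) {
    size_t real_len = strlen(payload);
    size_t record_len = HB_HEADER + real_len + HB_PADDING;
    const char *secret = "session_key=CONSTRUCTED-SECRET";
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                  /* heartbeat_request */
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER, payload, real_len);
    memcpy(arena + record_len, secret, strlen(secret));
    return record_len;
}

/* Vulnerable pattern: trusts the length field inside the message. */
static size_t respond_vulnerable(size_t record_len, unsigned char *out) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    (void)record_len;                              /* never consulted */
    if (claimed > ARENA_SIZE - HB_HEADER)          /* keeps the simulation in bounds */
        claimed = ARENA_SIZE - HB_HEADER;
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

/* Hardened pattern: silently discard when the claim exceeds the record. */
static size_t respond_checked(size_t record_len, unsigned char *out) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (HB_HEADER + claimed + HB_PADDING > record_len) return 0;
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

int main(void) {
    unsigned char out[ARENA_SIZE];
    size_t rec = load_request("bird", 60);         /* 4 real bytes, 60 claimed */
    printf("vulnerable echoed %zu bytes\n", respond_vulnerable(rec, out));
    printf("checked echoed %zu bytes\n", respond_checked(rec, out));
    return 0;
}
```

The hardened handler drops the request without replying, which is why a patched server gives nothing back to an oversized claim.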
The Heartbleed Bug affects major websites, since they are the ones that rely most on this software. According to the survey, 81% of websites run web server programs such as Apache and Nginx, and both are vulnerable to this bug. Sites including Amazon, Google, Yahoo and OKCupid use those encryption tools, but they have updated their sites to include a fix for the bug.
To protect yourself, log out of all your accounts: email, social media, banking and more. Aside from that, there is really nothing more we can do. We need to wait until those websites update their encryption software to fix the bug. There is no use in changing your account password: chances are you would be changing it on sites that are still prone to the bug.
We also need to be aware that the Heartbleed Bug doesn’t just affect websites. It is also present in the devices we use to connect to the Internet: servers, routers, mobile phones, switches and video cameras are also affected. If this continues, two years from now intruders could easily tap our phone calls, voicemails, emails, computers or even our iPhones, even when we connect from home to the office remotely.
A list of affected websites can be found on GitHub.
You can also find a Heartbleed test at filippo.io. Just type in the URL or hostname to test whether a site is vulnerable to this bug.