The “Heartbleed Bug” 101
What is the “Heartbleed Bug”?
Heartbleed bug is a vulnerability in the popular OpenSSL (Open Secure Socket Layers) cryptographic library that allows hackers the ability to collect passwords, credit cards numbers, private keys and other data on servers that operated the software. OpenSSL provides the valuable service of keeping user information safe during web transmission, the Heartbleed bug is a memory leak in the software that allows that information to be captured in a readable format when is should be encrypted.
How/When did it start?
Earlier releases of the OpenSSL software is fine, but the in the March 2012 release of OpenSSL 1.0.1 is where the vulnerability was introduced which equates to two years.
Why is it such a threat?
The Heartland bug is a threat because it allows a malicious individual the ability to collect passwords, credit cards numbers, private keys and other data on servers that operated the affected OpenSSL software. This accumulates to two-thirds of all websites on the Internet since March of 2012. Furthermore, companies do not know if their users were affected by the OpenSLL vulnerability because exploitation of the bug does not leave any traces a malicious activity occurred.
How does it affect internet users?
It affects internet users due to the compromise of their online IDs to popular sites such as LinkedIn, Gmail and Yahoo to name a few. This will allow the malicious individual to use those accounts to further malicious acts. Also, with credit card information also one of the information that can be retrieved, there is a high chance for fraudulent activities.
What steps should users take to protect themselves?
First check to see if the site you visited were one of the affected sites, also when going to a site, check to see if the patches were installed on that site. Once you have identified the site as being patch and safe, changing your password is the next step. If you change your password before the site owner has applied the patch you should consider yourself still compromised. Lastly, do not reuse your password across other online accounts, if you do, you have created in a digital skeleton key that can be used to access your other online accounts.
Anything else people need to know about this issue?
Users should consider their information compromised if they have used one of the affected sites, with that said, they should monitor and read notices from the sites they visit. In addition, they should be aware of potential phishing scams since the malicious individual may have some personal information about you. Be sure to visit well known and reputable sites and lastly, since credit card information may have been compromised, check your banks records for any irregular activities.
Leave a ReplyWant to join the discussion?
Feel free to contribute!