HeartBleed – All you need to know about this Catastrophic Bug
It may sound to you like a new song from Bullet For My Valentine… but NO! It's a new Web nightmare.
So What is it?
HeartBleed is a security vulnerability in OpenSSL, a popular open-source implementation of the SSL/TLS protocols, which is used to encrypt and secure most of the websites on the internet.
(Almost 66% of the websites on the Internet use SSL to encrypt data.)
SSL (Secure Sockets Layer) is used to protect confidential information such as usernames, passwords, credit card numbers and other sensitive data sent on secure websites. It is mainly used to protect services like online shopping and online banking from eavesdropping.
How Does It Work?
Well, in simple words… any hacker, or anyone who knows how to exploit this bug, could simply pull out small bits of data from a server, over and over, until they obtain the private keys needed to read all of the information on the server (including usernames, passwords, credit card numbers, etc.).
You can watch the video below for a detailed explanation of HeartBleed and how it works.
Who Is Vulnerable?
The HeartBleed bug had been in OpenSSL for almost 2+ years (OpenSSL versions 1.0.1 through 1.0.1f) before its discovery was publicly announced 3 days back. The bug was discovered by Neel Mehta of Google's security team.
The HeartBleed bug affects any website or service running specific versions of OpenSSL (1.0.1 through 1.0.1f). Many sites are probably using older versions of OpenSSL that are not vulnerable, and many have likely already updated their OpenSSL to the latest fixed version.
However, there are many tools available online where you can test whether a website is vulnerable to this bug.
Also, CNET has compiled a list of the top 100 sites across the Web and checked whether the HeartBleed bug was patched on them. You can check out the list by visiting this URL: http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
What Should You Do?
If you own a website that uses OpenSSL, you are advised to update it to the latest fixed version and reissue your security certificates.
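For site owners, a first-pass check of which hosts report a version in the affected range stated above (1.0.1 through 1.0.1f). This is an added example, not part of the original post; the host names and inventory are constructed, and the banners follow the `openssl version` output format.

```python
import re
import ssl

# Affected range as stated on this page: OpenSSL 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)

def parse_openssl_version(banner):
    """Return ((major, minor, patch), letter) from an `openssl version` style banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4).lower()

def in_heartbleed_range(banner):
    """True if the banner's version falls in 1.0.1 .. 1.0.1f (inclusive)."""
    base, letter = parse_openssl_version(banner)
    if base != AFFECTED_BASE:
        return False
    # Plain "1.0.1" has no letter; multi-letter suffixes are outside the range.
    return letter == "" or (len(letter) == 1 and letter <= LAST_AFFECTED_LETTER)

def audit(inventory):
    """Map each host to 'update+reissue', 'not in range' or 'unparsed'."""
    report = {}
    for host, banner in inventory:
        try:
            in_range = in_heartbleed_range(banner)
        except ValueError:
            report[host] = "unparsed"  # needs a manual look, not a silent pass
            continue
        report[host] = "update+reissue" if in_range else "not in range"
    return report

# Constructed sample inventory (hypothetical hosts).
SAMPLE_INVENTORY = [
    ("web-01", "OpenSSL 1.0.1e-fips 11 Feb 2013"),
    ("web-02", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("mail-01", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("vpn-01", "OpenSSL 1.0.1 14 Mar 2012"),
    ("legacy", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
    # The library this Python interpreter itself is linked against:
    print("local:", ssl.OPENSSL_VERSION, audit([("local", ssl.OPENSSL_VERSION)])["local"])
```

The version banner is only a first-pass signal: distributions often backport fixes without changing the upstream version letter, so confirm flagged hosts against the vendor's package advisory.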
For an average user, there is not much you can do about this. Try to avoid the vulnerable websites for a few days until you receive an official notification or notice regarding the fix.
Yes, you can change your passwords too, but it won't help until the website has fixed the issue. So watch their blog, newsletters and Facebook page for related news.
This is how Tumblr updated its users about the vulnerability.
If you want to share anything about the HeartBleed bug with me, please do so by using the comments section below. I'd be glad to hear your thoughts on this. Cheers!