Internet Suffering From ‘Heartbleed’
The most controversial bug, one that has set off a crisis of user security, has taken root in the World Wide Web
The Internet is now suffering from a disease caused by a bug known as Heartbleed, which has put users’ personal information at stake. Users’ sensitive personal data, including usernames, passwords, and credit card information, has become vulnerable because of the loophole created by the bug. It is estimated that around 500,000 websites may be vulnerable to the Heartbleed bug.
What is Heartbleed?
The Heartbleed bug is a security vulnerability in the OpenSSL software that lets a hacker access the memory of data servers. To understand the Heartbleed bug, we need to know what the OpenSSL project does. OpenSSL is an open-source project that was built to provide security for the internet community. With OpenSSL, websites can encrypt the information they exchange with visitors, so that the data transferred (including usernames, passwords and cookies) cannot be seen by others while it travels between your computer and the website. But there was a loophole in this project, in a built-in feature of OpenSSL called heartbeat, which has been exploited by hackers to extract the information that the project's encryption was meant to secure.
Many websites, including Google, Facebook, Dropbox and OKCupid, have now patched the version of OpenSSL they ran, which was vulnerable to Heartbleed. The attack has raised an important question about the guarantees that security certificates provide: Heartbleed attackers could seize the secret keys that are used in conjunction with security certificates as an identity check.
How to protect?
To guard against this attack you should definitely change your passwords, at least for the services that were confirmed as vulnerable and have now been fixed, such as Google and Yahoo. But you should be changing your passwords regularly no matter what. Don’t ever write down your passwords on a notepad or in a document on the computer. This password-changing recommendation is nothing but a precaution, because even if hackers knew about the problem, getting your password and matching that data to your username would be very difficult for them.
By Rohan Pal