A confounding computer bug called “Heartbleed” is creating big security issues across the internet, leaving Web surfers wondering whether they should change their passwords to prevent theft of sensitive information such as credit card numbers, email accounts and so on.
The bug creates an opening in SSL/TLS, the encryption technology marked by the small, closed padlock and “https:” in Web browsers to signify that traffic is secure. Using this bug, an attacker can spy on Internet traffic even when the padlock is closed. Security researchers say that interlopers could also grab the keys for decoding encrypted data without website owners knowing the theft had occurred.
The problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet: about two-thirds of Web servers rely on OpenSSL. This means that, even though it is protected by encryption, the information passing through hundreds of thousands of websites could be at risk. OpenSSL is used to secure not only email and chat but also virtual private networks (VPNs), which employees use to connect to corporate networks and shield confidential information from snooping eyes.
According to the research, 500,000 Web sites could be affected by this bug. Yahoo, Google and Facebook confirmed they had been affected by the OpenSSL flaw and had applied fixes to their systems. However, Twitter and e-commerce giant Amazon say their websites weren’t exposed to Heartbleed.
You are probably curious about this bug, with plenty of questions about what, why, when, where and how. Here are some of the most frequently asked questions about Heartbleed, with answers.
What is Heartbleed?
Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol.
In simple words, it is a security vulnerability in OpenSSL software that allows a hacker to access the memory of data servers.
What is OpenSSL?
Who discovered the bug?
Security firm Codenomicon and Google researcher Neel Mehta both found the bug independently from each other, but on the same day.
Why is it called Heartbleed?
The term “Heartbleed” was coined by Ossi Herrala, a systems administrator at Codenomicon. Although its technical name is CVE-2014-0160, named for the line of code that contained the bug, Heartbleed is a play on words referring to an extension on OpenSSL called “heartbeat.”
Should I change my passwords?
How do I check if a Web site has been affected or fixed?
Should I be worried about my bank account?
Most banks use proprietary encryption software instead of OpenSSL, but if you’re unsure, contact your bank directly for confirmation that its Web site is secure. It is also wise to monitor your financial statements for the next few days to make sure there are no unfamiliar charges.
How do I know if anyone has used the Heartbleed vulnerability to steal my information?