Feeling Inquisitive about Heartbleed? Here are answers for all your questions!

A confounding computer bug called “Heartbleed” is creating big security issues across the internet making the Web surfers to wonder whether they should change their passwords to prevent theft of their sensitive information such as credit card number, email accounts and so on.

The bug creates an opening in SSL/TLS, which is an encryption technology marked by the small, closed padlock and “https:” on Web browsers to signify that traffic is secure. With the help of this bug, one can spy on Internet traffic even if the padlock had been closed. The security researchers say that the interlopers could also grab the keys for decoding encrypted data without the website owners knowing the theft had occurred.

Although the problem affects only the variant of SSL/TLS known as OpenSSL, but that happens to be one of the most common on the Internet as about two-thirds of Web servers rely on OpenSSL. It indicates that even if the protection is offered by encryptions, the information passing through hundreds of thousands of websites could be at risk. OpenSSL is not only used to secure emails and chats but also the virtual private networks (VPNs), which are used by employees to connect with corporate networks in order to safeguard confidential information from snooping eyes.

As per the research 500,000 Web sites could be affected by this bug. Yahoo, Google and Facebook confirmed they had been affected by the OpenSSL flaw and had applied fixes to their systems. However, Twitter and e-commerce giant Amazon say their websites weren’t exposed to Heartbleed.

You must be feeling very inquisitive about this bug and there would be so many questions arising in your mind about what, why, when, where, how and so on. Here are some of the most frequently asked questions about heartbleed and answers to them.

What is Heartbleed?

1

Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet’s Transport Layer Security (TLS) protocol.

In simple words it is a security vulnerability in OpenSSL software that allows a hacker to access the memory of data servers.

What is OpenSSL?

2

SSL stands for Secure Sockets Layer however it’s also known by its new name, Transport Layer Security, or TLS. It is the most basic means through which information is encrypted on the Web. It mitigates the potential of someone spying on you as you browse the Internet. If SSL is enabled on any site, you will see ‘https’ in place of ‘http’.

Who discovered the bug?

3

Security firm Codenomicon and Google researcher Neel Mehta both found the bug independently from each other, but on the same day.

[useful_banner_manager banners=24 count=1]

 

Why is it called Heartbleed?

4

The term “Heartbleed” was coined by Ossi Herrala, a systems administrator at Codenomicon. Although its technical name is CVE-2014-0160, named for the line of code that contained the bug, Heartbleed is a play on words referring to an extension on OpenSSL called “heartbeat.”

Should I change my passwords?

5

Yes, you might need to change the password however you can wait until you get a confirmation from the Web site operator that the bug has been patched. It is obvious that you will want to change your password immediately, but if the Web site’s bug has not been fixed, password change would be useless and in fact you will kind of give attackers your new password.

How do I check if a Web site has been affected or fixed?

6

The best way to get the confirmation whether the website has been affected or fixed , you can visit the blog of those website as usually most of the companies issue about the health of their sites on it. Or else you can mark an email to the site operator or customer service person directly.

Should I be worried about my bank account?

7

Although most banks use proprietary encryption software instead of OpenSSL, still if you’re unsure, contact your bank directly for confirmation that the Web site is secure. Besides, it is always wise to monitor your financial statements for the next few days to make sure there are no unfamiliar charges.

How do I know if anyone has used the Heartbleed vulnerability to steal my information?

8

According to Codenomicon, exploiting the bug “leaves no traces of anything abnormal happening to the logs” of Web sites, unfortunately.

[useful_banner_manager banners=16 count=1]