The 411 on the Web’s Latest Scare – the Heartbleed Bug


In case you weren’t aware, there’s a new security issue that’s causing a lot of netizens to be scared (to the point of paranoia). The vulnerability is called the Heartbleed bug and affects a huge portion of the internet from social networks to cloud-based services. But how exactly does it affect consumers and websites in general? Here’s our short FYI for those who want to learn about the bug and how to keep yourself safe from it.

WHAT IS IT EXACTLY?

The Heartbleed bug is a vulnerability in OpenSSL, an open-source library used to encrypt and secure various web and email connections (these are mostly websites that have https in their addresses). For the past few years, a great number of websites have used SSL encryption in order to prevent hackers from stealing important information from websites.

With the Heartbleed bug, a hacked can pass an incorrect value to an OpenSSL extension and read up to 64KB off a website host’s memory. The process can be repeated in order to read more from the host, exposing various form of information from the website including names, passwords, content, etc.

WHO’S AFFECTED BY HEARTBLEED?

Over 60% of the web uses OpenSSL encryption from social networks to e-commerce websites. The good news (well, sort of) is that the bug was discovered by researchers at Google and a Finnish security firm, and not through a detected malicious attack.

However, the attack leaves no footprint, so there’s no sure way to tell whether the vulnerability has been used to maliciously gather information (although there are reports that the US NSA has utilized the bug to get information in its spying activities).

WHAT SHOULD WE DO TO KEEP OUR INFO SAFE?

As mentioned earlier, the bug affects a website’s host, and as such directly impacts those who manage web servers. For those who do manage websites, they must upgrade to OpenSSL version 1.0.1g, which is a new version of OpenSSL released on April 7 that fixes the vulnerability.

If you’re just an ordinary internet user, don’t be complacent. Do remember that a huge number of websites (most of which you use) utilize OpenSSL, so there might be a probability that the information you saved on that website – may it be your name, password or worse bank account information was compromised.

Connect with The Techie Lifestyle on your favorite social networking sites

Twitter Facebook Pinterest Subscribe to RSS Feeds Google Plus Follow via Email


COMMENTS



2013-2015 © The Techie Lifestyle
Planer theme
Powered by Jasper Roberts Consulting - Widget