In case you weren’t aware, there’s a new security issue
that’s causing a lot of netizens to be scared (to the point of paranoia). The
vulnerability is called the Heartbleed bug and affects a huge portion of the
internet from social networks to cloud-based services. But how exactly does it
affect consumers and websites in general? Here’s our short FYI for those who
want to learn about the bug and how to keep themselves safe from it.
WHAT IS IT EXACTLY?
The Heartbleed bug is a vulnerability in OpenSSL, an
open-source library used to encrypt and secure various web and email
connections (these are mostly websites that have https in their addresses). For
the past few years, a great number of websites have used SSL encryption in
order to prevent hackers from stealing important information from websites.
With the Heartbleed bug, a hacker can pass an incorrect value
to an OpenSSL extension and read up to 64KB of a website host’s memory. The
process can be repeated in order to read more from the host, exposing various
forms of information from the website including names, passwords, content, etc.
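To make the "incorrect value" concrete, here is an added example (not OpenSSL's source and not part of the original article) that simulates the TLS heartbeat extension's length handling, with the unchecked logic beside the bounds-checked logic. The buffer layout, function names and sample secret are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR 3   /* 1-byte message type + 2-byte claimed payload length */
#define PAD 16  /* minimum padding after the payload (RFC 6520) */
#define SECRET "password=hunter2"  /* constructed sample data */

/* Simulated server memory and reply buffer, sized so that any 16-bit
   claimed length (the 64KB limit) stays inside the simulation. */
static uint8_t memory[1 << 17], reply[1 << 16];

/* Build a request carrying `payload` but claiming `claimed` bytes, with
   unrelated secret data placed right after it in memory. */
static size_t make_record(uint16_t claimed, const char *payload) {
    size_t n = strlen(payload), rec_len = HDR + n + PAD;
    memset(memory, 0, sizeof memory);
    memory[0] = 1;                       /* heartbeat_request */
    memory[1] = (uint8_t)(claimed >> 8);
    memory[2] = (uint8_t)(claimed & 0xff);
    memcpy(memory + HDR, payload, n);
    memcpy(memory + rec_len, SECRET, strlen(SECRET));
    return rec_len;                      /* bytes actually received */
}

/* Pre-fix logic: echoes as many bytes as the request claims to contain. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                       /* never checked: this is the bug */
    memcpy(reply, rec + HDR, claimed);
    return claimed;
}

/* Fixed logic: silently drop requests that claim more than was received. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HDR + PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HDR + claimed + PAD > rec_len) return 0;
    memcpy(reply, rec + HDR, claimed);
    return claimed;
}

/* Run one handler over a constructed 2-byte request; returns reply length. */
size_t run(size_t (*h)(const uint8_t *, size_t), uint16_t claimed) {
    memset(reply, 0, sizeof reply);
    return h(memory, make_record(claimed, "hi"));
}
int main(void) {
    printf("vulnerable, claims 40: %zu bytes\n", run(heartbeat_vulnerable, 40));
    printf("fixed, claims 40:      %zu bytes\n", run(heartbeat_fixed, 40));
    return 0;
}
```

With a truthful length both handlers echo the 2-byte payload; when the request claims 40 bytes, the unchecked handler's reply also contains the neighbouring secret, while the checked handler sends nothing.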
WHO’S AFFECTED BY HEARTBLEED?
Over 60% of the web uses OpenSSL encryption, from social
networks to e-commerce websites. The good news (well, sort of) is that the bug
was discovered by researchers at Google and a Finnish security firm, and not
through a detected malicious attack.
However, the attack leaves no footprint, so there’s no sure
way to tell whether the vulnerability has been used to maliciously gather
information (although there are reports that the US NSA has utilized the bug to
get information in its spying activities).
WHAT SHOULD WE DO TO KEEP OUR INFO SAFE?
As mentioned earlier, the bug affects a website’s host, and
as such directly impacts those who manage web servers. Those who manage
websites must upgrade to OpenSSL version 1.0.1g, a new version
of OpenSSL released on April 7 that fixes the vulnerability.
If you’re just an ordinary internet user, don’t be
complacent. Do remember that a huge number of websites (most of which you use)
utilize OpenSSL, so there is a chance that the information you saved
on those websites, be it your name, password or, worse, bank account
information, was compromised.

