The Heartbleed bug has taken the entire internet by storm. What is it, and how do you stay protected? Those are the basic questions that come to mind.
It is a huge security glitch, and hackers could take advantage of it. There have always been bugs and virus problems on the internet. This time around, however, it is a massive one that will affect virtually all of cyberspace.
If the experts are to be believed, the bug has been around for at least one year, and it is only now that we have come to know about it. Let’s find out more about it.
What’s the Heartbleed Bug?
On Tuesday, a security glitch in OpenSSL was announced. OpenSSL is a well-known data encryption library. The glitch can give hackers a virtually unlimited amount of data from services that people use every day.
The scale of the bug is huge, unlike bugs found in individual apps. Because of the size of the loophole, an update is not easy to get. The problem actually lies in the machines that run the services, which are supposed to transmit information safely and securely. Gmail and Facebook are two prominent examples.
Users expect their data to be conveyed to and fro securely. The security of the communication is of prime importance, and under standard circumstances it is taken care of.
However, because of a programming error in the OpenSSL implementation, it turned out to be possible to send packets of data that resemble heartbeats and make the remote computer send back data from its memory.
The security glitch was brought to light by Neel Mehta, a Google security researcher. Codenomicon, a security company, also found it. The dangerous thing is that the bug does not leave behind any trace even when it is used.
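An added illustration of the heartbeat flaw described above, not code from OpenSSL or from the original article: a simplified C model in which a heartbeat request states its own payload length, and the reply either trusts that figure or checks it against what actually arrived. The memory layout, function names and secret value are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the received record and unrelated secret data share
   one arena, so the over-read stays inside this array (no real UB). */
#define ARENA 64
typedef struct { uint8_t mem[ARENA]; size_t record_len; } server_mem;

/* Simplified message: type(1) | claimed payload length(2) | payload.
   Real heartbeat messages also carry padding, omitted here. */
static void load(server_mem *m, const uint8_t *rec, size_t n, const char *secret) {
    memset(m->mem, 0, ARENA);
    memcpy(m->mem, rec, n);
    m->record_len = n;
    memcpy(m->mem + n, secret, strlen(secret));   /* adjacent "secret" */
}

/* Flawed handler: echoes as many bytes as the peer claims to have sent. */
size_t heartbeat_flawed(const server_mem *m, uint8_t *out) {
    size_t claimed = ((size_t)m->mem[1] << 8) | m->mem[2];
    if (claimed > ARENA - 3) claimed = ARENA - 3;  /* demo-only clamp */
    memcpy(out, m->mem + 3, claimed);
    return claimed;
}

/* Checked handler: drops a message that claims more than actually arrived. */
size_t heartbeat_checked(const server_mem *m, uint8_t *out) {
    if (m->record_len < 3) return 0;
    size_t claimed = ((size_t)m->mem[1] << 8) | m->mem[2];
    if (3 + claimed > m->record_len) return 0;
    memcpy(out, m->mem + 3, claimed);
    return claimed;
}

/* 4-byte payload, arbitrary claimed length; returns bytes echoed beyond it. */
size_t extra_bytes_returned(int checked, uint16_t claimed) {
    uint8_t rec[7] = {1, (uint8_t)(claimed >> 8), (uint8_t)claimed, 'p', 'i', 'n', 'g'};
    uint8_t out[ARENA];
    server_mem m;
    load(&m, rec, sizeof rec, "SECRET-KEY-PLACEHOLDER");  /* constructed value */
    size_t n = checked ? heartbeat_checked(&m, out) : heartbeat_flawed(&m, out);
    return n > 4 ? n - 4 : 0;
}

int main(void) {
    printf("flawed: %zu extra, checked: %zu extra\n", extra_bytes_returned(0, 20), extra_bytes_returned(1, 20));
    return 0;
}
```

With an honest length both handlers return only the payload; with an inflated length only the flawed handler returns bytes that were never sent to it.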
Is it Bad or Very Bad?
Don’t just say it’s bad or very bad. It’s actually pretty terrible, for a lot of reasons. Web servers can keep loads of information in their memory, including sensitive information like credit card numbers, apart from the usual usernames and passwords.
But that’s not the end of the problems. The horrible thing is that with this glitch, hackers can now lay their hands on encryption keys as well. They will be able to read the encrypted data from a site’s server without needing a secure connection.
Are you Affected by the Flaw?
One needs to see the bigger picture. The problem isn’t at a personal or individual level. When the services themselves are prone to be affected, there is every chance that you too can be affected, directly or indirectly.
When the researchers spotted the flaw, they notified the OpenSSL developers about the vulnerability well in advance. So, chances are the issue could have been fixed in the meantime, before word got out on Tuesday.
First, do not rush to change your passwords right now. According to CNet, “Security experts suggest waiting for confirmation of a fix because further activity on a vulnerable site could exacerbate the problem.”
Change your passwords only once the services have confirmed the fix. Change them even if you use two-way authentication.