‘Heartbleed’ Bug Bypasses OpenSSL Web Encryption
There is nothing scarier than feeling vulnerable online. Internet users are always looking for ways to increase their protection and ensure that their personal information is secure from hackers. However, a new “heartbleed” bug has elicited a lot of panic online. Being the largest online security flaw we have seen in years, the whole internet has been under siege. The culprit was found within open-source software that is referred to as OpenSSL. This type of software is regularly used for web encryptions. This flaw that exists in the OpenSSL software has left Yahoo Passwords vulnerable. This “heartbleed” bug is running rampant and could cause a lot of havoc. Whenever personal information and sensitive data is released, it can cause a firestorm of panic.
How Does “Heartbleed” Work?
This bug is highly unique and is a security breech that is extremely serious. This bug can work by making the server’s memory viewable. This includes the most important and private data including passwords, credit card account numbers and usernames. This bug also allows hackers to pretend to be servers and gain access to secure users.
The reason for alarm stems from the make-up and capacity of this ‘heartbleed’ bug. Attacks and security breaches are common online, but this one is different. This one means that websites will have to alter their design significantly and anyone that has visited these attacked sites will have to change their passwords. This attack has had a wide reach, which only multiplies the problems and makes the security vulnerability a much more serious issue. This is a big deal when you take into account the amount of people that use these websites and the amount of information that they disclose online. This ‘heartbleed’ bug can have huge ramifications.
Security firms were having a field day on Twitter with the disclosure of the ‘heartbleed’ bug. Ronald Prins of Fox-IT tweeted to his followers that he was able to get a Yahoo password and username through this attack. Another IT whiz boasted that he was able to snag more than 200 Yahoo passwords. This only led to more panic and upheaval for online users. Yahoo moved quickly to halt the attack and reassure online users. They fixed the primary vulnerability initially once the problem was made visible to them. They offered that they had found a fix and that data was no longer vulnerable. However, Yahoo did not go into detail about how users could be effected long-term by this ‘heartbleed’ bug.
Some websites have surfaced to help users determine if a website is vulnerable to the ‘heartbleed’ bug. Cryptography expert Filippo Valsorda developed an online tool to verify if a website is still vulnerable or not to Heartbleed. As time goes by, more and more websites are patching the security loophole and we hope to hear more soon. Due to the severity and large list of popular websites, everyone was in a mad scramble to change their passwords. Luckily some sites like Google, Microsoft, Facebook, Twitter and Dropbox remained unaffected.