News

Heartbleed bug: What is it and How it affects Online

Heartbleed bug is a fatal flaw uncovered in the key safety feature of internet surfing. It resulted to a major breakdown in internet security that raises great threat in millions of passwords, credit card numbers and other personal information online. Essentially, Heartbleed bug causes the information leak.

 

The damage created by the Heartbleed bug is still unknown. Base on the research conducted, it’s a security hole in the software being used by the majority of the websites that transformed the user’s personal information into thread of random letters, numbers and codes.

 

“It’s probably the worst bug in the Internet has ever seen. If a week from now we hear criminals spooked a massive number of accounts at financial institutions, it won’t surprise me.” –Matthew Prince, CEO of website-protecting service Cloudflare.

 

What Does Heartbleed Bug Do?

 

This Heartbleed Bug allowed outsiders to peek into the personal information for two years now. Information is supposed to be protected from snoopers, but the bug allows potential hacker to access an important feature that computers use to check if they’re still online. This is known as a “heartbeat extension.” But the appearance of such malicious heartbeat signal forces a computer to reveal secret information stored in the computer’s memory.

 

Heartbleed discloses your usernames and passwords. The session keys that keep you logged into a website is being compromise which allows an outsider to pretend as you, therefore no password required. It also allows attackers to be like a real website and fool you into giving up your personal information. Without your knowledge about it, you are hacked and the bug leaves no traces.

 

Who are the Targets of this Bug?

 

The targets of this Heartbleed bug are the major websites who are popular such as Amazon, Google, Yahoo and OKCupid, because they rely on this program. Web server programs Apache and Nginx are said to be more vulnerable to the Heartbleed bug.

How to Be Protected from this Bug?

You are required to log out from all websites: banking, email, media, social media, etc. To fix the bug, websites themselves also need to update the encryption software into a new version.

 

Changing your password immediately is not a good idea at all. Websites might still be fixing several issues and if you change your password, the site might still vulnerable. The process of fixing the damage is not easy because the job will not be completed unless all the websites can eliminate all the old keys they use in encrypt data.