Let’s discuss the key details of Heartbleed, internet security error which was detected last week through this post.
What isHeartbleed bug?
Heartbleed, an internet security flaw has been featured in the news recently and it may put many websites at risk. It is not a virus; it’s just a security error! Not only the websites, it has ability to affect networking equipment, switches and Firewalls. With this vulnerability, a remote attacker could extract information from any remote server running OpenSSL software. OpenSSL is the widely used protocol which is adopted by 66% of web. Heartbleed was discovered by a security company called Codenomicon and Neil Metha, a Google researcher. This bug has been present in the web since 2011 and now it is widely available which would make the websites running the non-patched OpenSSL more vulnerable for phishing operations.
Why does it matter?
About two-thirds of the servers currently on the internet use OpenSSL and these could be affected with Heartbleed bug. Hackers could potentially use this bug to breach a system and steal passwords & security information. Also, it would let the attackers to obtain the secret keys of the server and they could leave without any evidence. Thus you may never know that you’ve been hacked or not.
Which sites were affected by Heartbleed?
As Heartbleed allows potential hackers to steal passwords, credit card information and other encrypted data, the internet users are scaring a lot with its massive security threat. It has skill to break the SSL encryption of some giant internet companies like Google, Yahoo, Tumblr, Instagram, Amazon, Dropbox and some dating websites. Some of the web firms have claimed that they have fixed this issue with a security patch by updating their servers.
Heartbleed bug has to be seriously handled and it nudged some services & websites to enter their patch mode. Here you could check some of the websites that had reacted to the Heartbleed bug. Moreover, Google announced that smartphones and Tablets that runs on a specific version of Android were affected by this web security bug which could leak the login credentials to the hackers.Apple says that the IOS devices are unaffected.
What you need to do to stay safe from Heartbleed?
Here are some preventive measures to stay safe from Heartbleed
- Millions of internet users are asking “which websites are affected by Heartbleed bug?” Make use of the tools like Filippo.io or Lastpass to check whether the affected sites have been patched or not.
- Change your password on every site that is affected and has been patched.
- It would be better using a password manager to create secure passwords for your various online accounts.
- Don’t use the same password for two websites and have it in mind that thousands of Yahoo passwords have been stolen.
- Since the attackers could steal your data and leave without evidence through the Heartbleed bug, it would be upright to delete all your important documents from your email account and store them in to your PC.
- Even though the bank accounts are not affected much with this security issue, avoiding online banking for a while could be a safe option to protect your bank accounts. Also be sure to remove your credit card and bank details from the ecommerce websites and other internet pages.
- It would be virtuous to visit Heartbleed to get detailed information about this bug.
If you have Android device, do check the useful app, Heartbleed security scanner to handle it.
Study says that nearly 2/3rd of the internet is affected by Heartbleed bug that could have skill to disrupt all the internet activities, if used by the hackers. We should thank the great achievers who revealed this security flaw and thus many websites have rolled out a fix to this issue. The affected web pages need to update new encryption software to fix this bug. Changing your password on the not-yet fixed site makes no sense as it would even create new vulnerability. So, don’t act too quickly to change your password. Instead, be sure to confirm the pretentious websites are patched to beat the Heartbleed bug and then reset your passwords on them.
If you’re a website owner/network manager, you should apply the patch and reissuing the SSL security certificates to create new passwords for your users. I hope that you’ve expanded your knowledge about Heartbleed bug through this post and do share your views through comment.