Loading...
Loading

Know About The OpenSSL Heartbleed Bug And Ways To Prevent It

2014-05-27by Brooke M. Perry

A new threat in the realm of online security, Heartbleed Bug has raised the concerns of all the Internet users across the globe. While even a layman uses the Internet as a platform for online communication through various websites, but he mostly remains ignorant about the security arrangement available to guard that communication. He just takes it for granted that some technology is there that is protecting his online shared personal information from being hacked or misused.

Indeed, there are many such technologies that are working towards online data and information security of one and all. Open SSL is one such open source project that was started in 1998 to protect the online data of every user from going into the hands of criminals.
As a user, we share our personal information like credit card numbers, passwords and other types of data with different shopping, banking, social media and other websites. Open SSL job is to encrypt the users' information on these websites so that no hacker can read our information to use those in a wrong way.

What Jeopardized the Open SSL Online Security?

Open SSL is an imperative endeavor that prevents the hacker thefts of Internet data. SSL refers to a Secure Sockets Layer (also known as transport layer security or TLS). Most of the websites use the SSL encryption so that they can avoid the stealing of their users' personal information and provide best of security to their users. All banking websites, social media sites like Facebook, Tumbler, Pinterest or any other that stores the personal information of their users, bank upon Open SSL encryption to ensure the online security.

What exactly Heartbleed Bug is?

Things were going well till OpenSSL version 1.0.1 got launched on March 14, 2012. This version had a bug called Heartbleed. It cracked the security that SSL encryption could offer. In simple words, Heartbleed bug is a programming error that makes all forms of SSL encrypted Internet data open to hackers by transforming the encrypting data into readable format. Hence, if a hacker hacks a website protected by vulnerable versions of the OpenSSL software, then he can easily read the encrypted personal information and passwords fed in that website by its users.

How Dangerous Is Heartbleed?

Open SSL is open source software, means any developer can work on its coding. In 2011, a Ph.D. student at the University of Duisburg-Essen, Robin Seggelmann did some coding error that caused the implementation of Heartbleed Bug in OpenSSL cryptographic software library. He was reported saying that he didn't induce the bug intentionally and he introduced the flawed code by mistake. Surprisingly, even Stephen N. Henson, one of OpenSSL's four core developers, authorized to double check the coding failure to identify the bug. Eventually, the OpenSSL version 1.0.1 got launched with the vulnerable code of Heartbleed and became available for adoption across the globe.

On April 1, 2014, Neel Mehta of Google's security team reported about the existence of Heartbleed. Eventually, all the possible risks that it brings came to the light. Heartbleed risks the online security in the following ways:

• If a website is protected by the vulnerable versions of the OpenSSL software, then Heartbleed bug will allow anyone on the Internet to read the memory of that website
• Anyone can access secret keys meant for service providers' identification
• Through Heartbleed bug, anyone can encrypt the names, passwords and the traffic of the users and read the actual content
• Hackers can eavesdrop on communications and can steal data directly from the users and service providers.

Which Websites are Prone to OpenSSL Vulnerability?

As all leading websites use SSL encryption to protect the information, data and traffic related to their sites, so majority of the sites are prone to the OpenSSL vulnerability.
Websites including Yahoo, AWS, Box, Dropbox, SoundCloud, OKCupid, Github, Amazon, Minecraft, IFFT, Tumblr, Pinterest, Instagram, Facebook, 500px, Redtube, Flickr, LastPass, Duckduckgo are just to name a few.

Heartbleed bug equally harms client software such as email clients, Web clients, chat clients, mobile applications, VPN clients, FTP clients and software updates. In addition, it affects Web servers, proxy servers, game servers, media servers, database servers, FTP servers and chat servers. Even the hardware devices such as routers, PBXes can also get affected by this vulnerability. Hence, it can be concluded that any web client that uses the vulnerable version of OpenSSL to communicate over SSL/TLS is open to Heartbleed attacks.

Ways to Prevent Heartbleed Open SSL Bug

First of all, at a personal front, as a user you can't do much to keep your data protected. But at the same time you must not sit idle either. The protection from this bug is possible only when the individual websites issue new SSL certificates. For instance, Yahoo, Duckduckgo, CloudFlare, Reddit, Netflix, Launchpad, Amazon, Adobe, Paypal, CloudFront, and Github have already issued new SSL certificates, hence these sites can be considered safe.

Likewise, you need to identify which of the sites you use on a regular basis, especially the sites where you have shared your personal information like credit card numbers, passwords etc. Once, you have the list, contact these websites through email and inquire when most likely they are going to issue the new SSL certificates. If you are told that they have already issued the new certificates, then immediately you should change your passwords in those sites. Even if the new SSL certificates have not got issued, still you should change your passwords.

Although, the change of passwords within a vulnerable Open SSL encryption is not going to be very helpful but yet the other option is just to sit idle and wait. Hence, instead of doing nothing, better you change your passwords, especially the passwords related to financial information. But prior to all, contact the websites that you use often, especially the shopping and banking websites where you have fed your financial information and enquire about the issuing of new SSL certificates by individual websites.

news Buffer
Author

Brooke M. Perry

Hi! I am Brook M. Perry, a prolific blog writer and writer and keen author of articles related to pc security support and solution for issues related to computers and mobile devices. Being associated with the reputed computer virus removal service provider Qresolve, I have resolved thousands of tech issues for our customers from worldwide. online computer support.My areas of interest are virus removal, PC security, endpoint security system, router support etc. You can follow me for my useful computer support articles on Ezine and other article-oriented websites.

View Brooke M. Perry`s profile for more
line

Leave a Comment