What is The Heartbleed Bug
In case you haven’t been on the Internet or looked an any online news in the past few days there is a new Internet security vulnerability called The Heartbleed Bug.
News websites and technology blogs have gone into overdrive posting articles about this new OpenSLL bug over the past few days, and with good reason as it is one of the biggest online security threats in recent years.
The Heartbleed Bug is a vulnerability in the widely used OpenSSL cryptographic software library. What on earth is that you ask? Well SSL stands for Secure Sockets Layer.
When you are logged into a website such as an online shopping cart or your Gmail account for example, you will notice a little padlock next to the web address in your web browser. Also you will have https: at the start of the web address instead of the normal http:
This means you are in an SSL secured layer so that any sensitive information you are sending is encrypted, which basically keeps it safer from being eavesdropped or accessed by hackers.
The Heartbleed Bug allows anyone on the Internet to access the memory of systems that have the vulnerability. This in turn allows them to access secret session and private keys used by SSL which would allow decrypting of past and future SSL traffic on that web server.
Why is The Heartbleed Bug so Nasty?
As OpenSSL is so widely used on web servers this is a massive concern. It would appear the vulnerability has been there since December 2011, but hackers have only just realised it was there. Or the knowledge of it’s existence has only just been made public.
So basically anyone who had the know how about the Heartbleed Bug technique since December 2011 could have used the vulnerability to eavesdrop on any secured information being sent to the affected web servers.
Which Passwords You Need To Change NOW
As OpenSLL is so commonly used on web servers, even some of the biggest brands have been vulnerable to The Heartbleed Bug for quite sometime.
We found this great article on Mashable published yesterday called The Heartbleed Hit List: The Passwords You Need to Change Right Now.
We have collated the data from this article below so you can easily go through the list of websites you probably use every day. You should immediately change your passwords for all of the websites listed.
All of these sites listed either definitely were affected, or it is unclear if they were. Best to be on the safe side and change your passwords asap.
Passwords You Need To Change Immediately
- Tumblr
- Yahoo
- Gmail
- Yahoo Mail
- Amazon Web Services
- Etsy
- GoDaddy
- Intuit(TurboTax)
- USAA
- Box
- Dropbox
- GitHub
- IFTTT
- Minecraft
- OKCupid
- Soundcloud
- Wunderlist
Video Simply Explaining The Heartbleed Bug
This video created by Mashable explains the bug reasonably simply
Test a website’s server for The Heartbleed Bug
You can use this Heartbleed test to put in a website address and see if that website has the Heartbleed Bug on it’s web server.
The Good News
Our web servers here at Byron Bay Web Hosting did not have the vulnerability, so you don’t need to worry.
Something We Found Interesting About Heartbleed
One thing we thought was very interesting about The Heartbleed Bug is its branding. As far a we know this is the first Internet security vulnerability that has it’s own cool logo.
Not only that it also has its own website here: The Heartbleed Bug.
We aren’t the only ones thinking the way this thing has been branded for mass consumption is a little odd – check out this article on TechCrunch called Heartbleed, The First Security Bug With A Cool Logo.
Conclusion
Security online in the modern digital world is of utmost importance, with people making online transactions every day that could expose their sensitive data such as credit card and banking details.
The Heartbleed Bug looks to be the most serious Internet security treat we may have ever had, and it’s not quite over yet.
Until all vulnerable systems running OpenSSL are patched and any SSL certificates used on those machines are renewed there is still the chance that the Heartbleed Bug could be used to access sensitive data. We will keep you posted on any new updates to this situation as they arise.
Speak Your Mind
You must be logged in to post a comment.