Published On: Fri, Apr 11th, 2014

What is the “Heart bleed bug” and how can it affect you

Share This
Tags

The Heart Bleed virus has been affecting millions of websites on the Internet for two years, but there are ways to protect yourself from the bug, according to reports.

Though users don’t have much power over the Heart Bleed virus — website administrators and creators have to update their OpenSSL software — there are ways to defend important passwords on Gmail, Facebook, Yahoo! and other sites.

The Heart Bleed virus allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data like credit card numbers, passwords, and other personal information. The first defense for Internet users, then, is to change your passwords to protect your information from being taken and abused.

However, if a major website is still vulnerable to the Heart Bleed bug, changing a password won’t matter; the website would have to update their software first. To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.

The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a “heartbeat,” which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.

Worse, this flaw is undetectable by current standards and has existed under the radar for about two years. For an in-depth analysis and FAQ on the Heart Beat virus

The flaw was discovered by security firm Codenomicon and Neel Mehta, a Google security researcher. They said that even if you don’t frequently use the internet, you are most likely affected by the bug.

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”

Source: http://global.christianpost.com

Comments

comments

Displaying 13 Comments
Have Your Say
  1. ted says:

    Microsoft IIS Web and Windows 2012 File servers are immune to heartbleed, since they don’t use open source.

    Funny how he mentions that Facebook, Gmail, Amazon, Yahoo!, Twitter and others “fixed it” quickly (after 2 years) but never mentions that all Microsoft web servers are not even vulnerable, as well as Hotmail, MSN, live and outlook.com email accounts!

    • Giovanni says:

      Oh man! Really? :-)
      Micro$oft must be great!
      Gonna try it sometimes…

    • Ned says:

      Who says they are immune ? Rubbish ! If there is any attack MS Servers and software are the first to get affected. After all it is Microsoft that created a Virus framework called MS Windows ! Microsoft has absolutely no appreciations as far as security is concerned. If Hotmail is not infected may be HeartBleed is one of it’s modules in the code !

  2. Jesse says:

    Hotmail has all sorts of problems and always will. My dated Hotmail account sent other people phishing scams I never clicked on to start with…

    • (X) says:

      Okay so I play on this website called Kongreate,and I was wondering,IS IT INFECTED???????
      Really,is it?? I don’t use any personal info but I know a lot of people do on that website!

  3. duoc says:

    In this particular instance, yes MS comes out on top.

  4. Devang says:

    My friend’s gmail account was hacked … how can u say it is not vulnerable…

  5. Narendra says:

    I thinker Microsoft server can be easiliy hacked as they don’t use open source and they don’t much update themselves more often while linux is robust and open source and more often updated by open source community.

  6. Madiha says:

    Thanks for sharing such topic, plz save us n do something

  7. Jeff says:

    It is NOT a virus. It is a flaw. Your article is misleading and just plain wrong.

  8. chris says:

    i hate this stuff

  9. I do trust all the ideas you have introduced for your post.
    They are very convincing and can certainly work. Still, the posts are too brief for newbies.
    Could you please prolong them a little from next time?
    Thank you for the post.

  10. garage door says:

    Do you have a spam issue on this blog; I also am a blogger, and I was curious about your situation; many
    of us have developed some nice methods and we are looking to swap
    solutions with other folks, why not shoot me an email if interested.

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>