Published On: Fri, Apr 11th, 2014

What is the “Heart bleed bug” and how can it affect you

Share This

The Heart Bleed virus has been affecting millions of websites on the Internet for two years, but there are ways to protect yourself from the bug, according to reports.

Though users don’t have much power over the Heart Bleed virus — website administrators and creators have to update their OpenSSL software — there are ways to defend important passwords on Gmail, Facebook, Yahoo! and other sites.

The Heart Bleed virus allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data like credit card numbers, passwords, and other personal information. The first defense for Internet users, then, is to change your passwords to protect your information from being taken and abused.

However, if a major website is still vulnerable to the Heart Bleed bug, changing a password won’t matter; the website would have to update their software first. To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.

The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a “heartbeat,” which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.

Worse, this flaw is undetectable by current standards and has existed under the radar for about two years. For an in-depth analysis and FAQ on the Heart Beat virus

The flaw was discovered by security firm Codenomicon and Neel Mehta, a Google security researcher. They said that even if you don’t frequently use the internet, you are most likely affected by the bug.

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”


Mexico Travel Care




Displaying 9 Comments
Have Your Say
  1. ted says:

    Microsoft IIS Web and Windows 2012 File servers are immune to heartbleed, since they don’t use open source.

    Funny how he mentions that Facebook, Gmail, Amazon, Yahoo!, Twitter and others “fixed it” quickly (after 2 years) but never mentions that all Microsoft web servers are not even vulnerable, as well as Hotmail, MSN, live and email accounts!

    • Giovanni says:

      Oh man! Really? 🙂
      Micro$oft must be great!
      Gonna try it sometimes…

    • Ned says:

      Who says they are immune ? Rubbish ! If there is any attack MS Servers and software are the first to get affected. After all it is Microsoft that created a Virus framework called MS Windows ! Microsoft has absolutely no appreciations as far as security is concerned. If Hotmail is not infected may be HeartBleed is one of it’s modules in the code !

  2. duoc says:

    In this particular instance, yes MS comes out on top.

  3. (X) says:

    Okay so I play on this website called Kongreate,and I was wondering,IS IT INFECTED???????
    Really,is it?? I don’t use any personal info but I know a lot of people do on that website!

  4. Devang says:

    My friend’s gmail account was hacked … how can u say it is not vulnerable…

  5. Jeff says:

    It is NOT a virus. It is a flaw. Your article is misleading and just plain wrong.

  6. chris says:

    i hate this stuff

  7. Alejandro Alejandro says:

    Not at all… please feel free to use any of our content as long as you give us the proper credit. Thank you !!!

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>