Published On: Fri, Apr 11th, 2014

What is the “Heart bleed bug” and how can it affect you

Share This
Tags

The Heart Bleed virus has been affecting millions of websites on the Internet for two years, but there are ways to protect yourself from the bug, according to reports.

Though users don’t have much power over the Heart Bleed virus — website administrators and creators have to update their OpenSSL software — there are ways to defend important passwords on Gmail, Facebook, Yahoo! and other sites.

The Heart Bleed virus allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data like credit card numbers, passwords, and other personal information. The first defense for Internet users, then, is to change your passwords to protect your information from being taken and abused.

However, if a major website is still vulnerable to the Heart Bleed bug, changing a password won’t matter; the website would have to update their software first. To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.

The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a “heartbeat,” which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.

Worse, this flaw is undetectable by current standards and has existed under the radar for about two years. For an in-depth analysis and FAQ on the Heart Beat virus

The flaw was discovered by security firm Codenomicon and Neel Mehta, a Google security researcher. They said that even if you don’t frequently use the internet, you are most likely affected by the bug.

“You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”

Source: http://global.christianpost.com

Comments

comments

Displaying 19 Comments
Have Your Say
  1. ted says:

    Microsoft IIS Web and Windows 2012 File servers are immune to heartbleed, since they don’t use open source.

    Funny how he mentions that Facebook, Gmail, Amazon, Yahoo!, Twitter and others “fixed it” quickly (after 2 years) but never mentions that all Microsoft web servers are not even vulnerable, as well as Hotmail, MSN, live and outlook.com email accounts!

    • Giovanni says:

      Oh man! Really? :-)
      Micro$oft must be great!
      Gonna try it sometimes…

    • Ned says:

      Who says they are immune ? Rubbish ! If there is any attack MS Servers and software are the first to get affected. After all it is Microsoft that created a Virus framework called MS Windows ! Microsoft has absolutely no appreciations as far as security is concerned. If Hotmail is not infected may be HeartBleed is one of it’s modules in the code !

  2. Jesse says:

    Hotmail has all sorts of problems and always will. My dated Hotmail account sent other people phishing scams I never clicked on to start with…

    • (X) says:

      Okay so I play on this website called Kongreate,and I was wondering,IS IT INFECTED???????
      Really,is it?? I don’t use any personal info but I know a lot of people do on that website!

  3. duoc says:

    In this particular instance, yes MS comes out on top.

  4. Devang says:

    My friend’s gmail account was hacked … how can u say it is not vulnerable…

  5. Narendra says:

    I thinker Microsoft server can be easiliy hacked as they don’t use open source and they don’t much update themselves more often while linux is robust and open source and more often updated by open source community.

  6. Madiha says:

    Thanks for sharing such topic, plz save us n do something

  7. Jeff says:

    It is NOT a virus. It is a flaw. Your article is misleading and just plain wrong.

  8. chris says:

    i hate this stuff

  9. I do trust all the ideas you have introduced for your post.
    They are very convincing and can certainly work. Still, the posts are too brief for newbies.
    Could you please prolong them a little from next time?
    Thank you for the post.

  10. garage door says:

    Do you have a spam issue on this blog; I also am a blogger, and I was curious about your situation; many
    of us have developed some nice methods and we are looking to swap
    solutions with other folks, why not shoot me an email if interested.

  11. Do you mind if I quote a few of your posts as long as I provide credit and sources back
    to your blog? My website is in the very same niche as yours and my users
    would really benefit from a lot of the information you present here.

    Please let me know if this alright with you. Thanks!

    • Yucatan Times says:

      Not at all… please feel free to use any of our content as long as you give us the proper credit. Thank you !!!

  12. Simply desire to say your article is as astounding.

    The clearness to your post is simply great and i can assume you are knowledgeable in this subject.

    Well with your permission let me to snatch your feed to stay up to date with imminent post.
    Thank you a million and please continue the enjoyable work.

    Here is my homepage :: Free 3Ds eshop codes

  13. mononukleose says:

    This site was… how do you say it? Relevant!!
    Finally I’ve found something that helped me. Cheers!

  14. Shannon says:

    I loved as much as you will receive carried out right here.

    The sketch is tasteful, your authored subject matter stylish.
    nonetheless, you command get got an shakiness over
    that you wish be delivering the following. unwell unquestionably come more formerly again since exactly the same nearly very often inside case you shield this hike.

  15. Nymi also has motion and proximity sensors, that means that gesture-based mostly logins are possible.
    There are a lot of other possibilities while, relying on what is
    crucial to you and how a lot you want to devote. The user’s locale can be acquired from the GPS sensor and then applied
    to identify what applications he or she may perhaps want at a specific area and time.

    My homepage; how to unlock samsung galaxy s4

Leave a comment

XHTML: You can use these html tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>