The Heartbleed Security Flaw

I know these posts about hackers getting hold of your data are starting to sound like a broken record; however, another serious Internet security flaw has been discovered.

A bug named Heartbleed has made it possible for millions of usernames, passwords, credit card numbers and other personal data to be exploited during the more than two years it went undetected.

Yes, this bug has been present for two years.

A Google researcher and a Finnish security firm called Codenomicon discovered Heartbleed. The researchers have put up a dedicated site to answer common questions about the bug. They even gave it an adorably gruesome custom icon.

There is a brazen irony surrounding this bug: it is in the code designed to keep servers secure. The HTTPS or HTTP (running on software known as SSL) shown in the left-hand corner of the browser bar for most sites you visit is reportedly the bug carrier. The software encrypts sensitive information to protect people’s privacy. At least 500,000 servers were reportedly vulnerable.

The fact that the bug was present for so long, along with the fact that data breaches can’t be detected, has experts calling Heartbleed the worst bug yet.

One website equated the bug to someone going on vacation and leaving their home unlocked. Did someone come in while they were gone? Did they find and copy any sensitive data or personal information? How would you know? In essence, once an attacker breaches the software, they have the keys to walk in the front door (unencrypted data), take almost anything (your personal and sensitive data), and walk back out without your knowledge.

Companies have moved to implement fixes, but none can say whether any exploits have taken place because perpetrators leave no trail.

It’s not just an issue for major sites. A lot of smaller online stores and services use OpenSSL, and those sites might take longer to make the necessary fixes. Websites don’t typically publicize whether they’re using OpenSSL, so the process will also be bumpy for consumers.

Now, before you start changing passwords and usernames, be sure that your sites have implemented the bug fix. If the fix hasn’t been implemented, you could simply be giving potential attackers a new set of credentials to exploit and acquire your data. If you’re not sure about a site, ask them. Here is where the catch-22 comes into play for those who use one ID to access more than one site. On one hand, a bad guy gets access to many sites with one ID. On the other hand, it makes changing access to many sites easier for those who need to change passwords and user IDs.

Go to the dedicated Heartbleed site for updates and more in-depth details.



Author: Geo Gee

I'm a curious one that finds politics, social issues, and diverse progressive solutions interesting. I believe information and education are the most powerful weapons one can arm himself with. Those two dynamics alone open the doors to opportunities. I also subscribe to each one teach one for a better world for all.
