Heartbleed Bug: Should You Panic? Wednesday, April 9, 2014 6:07 PM GMT Heartbleed, a bug within OpenSSL, is making headlines this week, and while it might seem like a rather technical issue, it has some real-world ramifications that could impact the online services you use every day. Even worse, theres really no way to tell what malicious activity has occurred thanks to Heartbleed. Heartbleed is a vulnerability in the open-source encryption standard OpenSSL. Its so named because it affects heartbeat, which is a way to ensure that there is communication between each end of a connection. Heartbleed mimics a heartbeat, allowing it to intercept data. No matter how secure you think your information is, its not. The same goes for passwords, even if theyre 16 characters long and filled with a nonsensical mix of symbols and numbers. Malware analyst Mark Loman demonstrated that some Yahoo Mail passwords are easily viewed in plain text as result of Heartbleed. If youre a security expert, then youre already on the case. But if youre just a regular Internet user like the rest of us, you undoubtedly have a few questions: What sort of applications does Heartbleed affect? Web, email, instant messaging, and virtual private networks. So pretty much everything you use online on a regular basis. How many servers are vulnerable because of Heartbleed? Experts estimate that about two-thirds of the worlds servers are affected. Who discovered Heartbleed? Researchers from security testing and software company Codenomicon and Google. How long has this been going on? The vulnerability was in the OpenSSL code released March 2012. Should I be concerned? Yes. Information you believed to be secure might not be and its possible that it might have been obtained by scammers. How can I tell if Ive been affected? Because your information stretches across such a vast array of sites and applications, theres really no way. The vulnerability means servers cannot detect the difference between real use and an attack. If you want to know what specific sites have the Heartbleed bug, LastPass has a tool where you can type in specific URLs and see if they are on the list. Theres also a list on Github of sites that are reportedly affected by Heartbleed. What can I do? Theres not much you can do except to change your passwords, but unless the impacted sites have rolled out the available fix, that might not do the trick. The best you can do is hope that impacted sites install the fix, while monitoring your accounts for unusual activity. Frequently changing your passwords is a good idea no matter what.
Posted on: Thu, 10 Apr 2014 01:49:48 +0000
Trending Topics
Recently Viewed Topics
© 2015