The Heartbleed Bug
I imagine many of you reading this have heard about the Heartbleed bug and are wondering which sites are affected and how it affects you.
The Heartbleed bug is not a virus, but simply an error in the coding in the open-source SSL that many sites use to protect their sensitive data. The heartbleed bug has affected nearly 2/3 of websites across the internet (our site, www.carbideprocessors.com, was not affected). Basically, Heartbleed is a vulnerability that centers around the encryption language computers use to keep information private. After checking to see if our website was affected and taking all necessary precautions, I did a little research to find out a little more about this little bug that has caused such a great and wide spread impact across the web world.
*Note: Carbide Processors’ site was not affected, but we would still advise you to change your passwords as it is a good practice for online security.
Fist let me explain a little more about what the heartbleed bug is. Basically Heartbleed is a bug in the OpenSSL which allows hackers to take chunks of information out of the server’s active memory by spoofing a “heartbeat”. “Active” really is the operative word here. With the Heartbleed vulnerability, hackers can only take information as it is being sent (so you would have to be sending the information at the exact same time the hacker is stealing the information). Basically, they can only intercept the data as it is being sent.
The biggest difference between this virus and a standard security breech where a server is hacked is that the information taken from a site that was affected by the heartbleed bug allows hackers to grab information that is not encrypted.
What is SSL?
If you ever log into a site that asks you for any personal information, you may notice a lock symbol and the “https://” in the browser. That means that information entered on that site is using a special encryption code to prevent hackers from being able to see your personal information. The SSL encrypts the sensitive information using a complex code. Many sites use what is called OpenSSL code to encrypt information. The Heartbleed bug is basically a security hole that was left open and allows hackers to eavesdrop on a communication between servers like when you login in or enter data on a site.
What should you do?
I have found this very handy tool that allows you to check websites to see if they have been affected or have fixed the problem on their websites. Even if the site shows as safe, you should definitely change your passwords. If the site has not fixed the coding error and is still showing as unsafe, do not login until they have fixed the problem and are no longer susceptible to the Heartbleed bug.
You can check websites at Filippo. There is a link below to the “Heartbleed test”:
https://filippo.io/Heartbleed/
Tags: Heartbleed bug
Leave a Reply