Even if you read only a little tech news, you have probably heard of the Heartbleed bug. It has shaken the internet geeks! But what is this buzz all about?
What is Heartbleed?
The Heartbleed bug is a serious vulnerability in OpenSSL, one of the implementations of the SSL/TLS cryptographic protocols. The scary thing is that OpenSSL is used by 2/3 of the websites on the internet, and this bug went undetected for 2 years.
How serious is this bug?
Quoting the security expert Bruce Schneier:
"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.
What is the risk?
This security bug allows an attacker to read an arbitrary chunk of server memory, up to 64 kilobytes at a time, and the attack can be performed over and over again to get lots of information. This allows an attacker to obtain usernames, passwords and cookies. The Heartbleed bug is putting millions of passwords and credit card numbers at risk.
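Where the 64 KB figure comes from and what a patched server has to check, as an added example (not from the original post and not OpenSSL's own code). It assumes the TLS heartbeat message layout of RFC 6520; the function names and the sample buffer are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3    /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_MIN_PAD 16  /* minimum padding RFC 6520 requires */
/* Constructed sample: 7-byte record (type 1, claims 24 bytes, real payload "ping") + unrelated bytes. */
static const uint8_t SAMPLE_MEM[] = "\x01\x00\x18" "ping" "constructed-secret-0123456789";
#define SAMPLE_REC_LEN 7
typedef size_t (*echo_fn)(const uint8_t *rec, size_t rec_len, uint8_t *out);

/* Pre-fix behaviour: trusts the 16-bit length the peer claims (out must hold 0xFFFF bytes). */
size_t hb_echo_naive(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);   /* can read past rec_len */
    return claimed;
}

/* Hardened: header + claimed payload + padding must fit inside the received record. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_MIN_PAD) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len) return 0;  /* discard silently */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Number of echoed bytes that were never part of the sample's real payload. */
size_t sample_overread(echo_fn echo) {
    uint8_t out[0xFFFF];   /* 16-bit length field: at most 65535 bytes (~64 KB) per reply */
    size_t n = echo(SAMPLE_MEM, SAMPLE_REC_LEN, out);
    size_t real = SAMPLE_REC_LEN - HB_HEADER;
    return n > real ? n - real : 0;
}

/* A well-formed record (4-byte payload + 16 bytes of padding) is still echoed. */
size_t wellformed_echo_len(void) {
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PAD] = {1, 0, 4, 'p', 'i', 'n', 'g'};
    uint8_t out[0xFFFF];
    return hb_echo_checked(rec, sizeof rec, out);
}

int main(void) {
    printf("naive over-read %zu, checked over-read %zu, well-formed echo %zu\n",
           sample_overread(hb_echo_naive), sample_overread(hb_echo_checked), wellformed_echo_len());
    return 0;
}
```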
What can I do to make sure I am secure?
If you have access to the server, you will need to install the latest OpenSSL patch. If you are just a user, you can do nothing until the website or web server administrator has fixed the issue. Once the issue is fixed at a site, we recommend changing your passwords ASAP. To check whether the issue is fixed on a particular site, use http://filippo.io/Heartbleed/ .
How do I know whether I have been compromised?
Unfortunately, exploitation of this bug leaves no trace of anything abnormal in the logs, as stated on heartbleed.org. You won't find any abnormality in your logs if you've been compromised.
Which famous sites were affected by this bug?
Being the most famous SSL implementation, OpenSSL was used by most websites. A few of the famous sites allegedly affected are listed below:
· Facebook
· Instagram
· Pinterest
· Tumblr
· Twitter
· Google
· Yahoo
· Gmail
· Yahoo Mail
· GoDaddy
· Intuit Turbo Tax
· Dropbox
· Minecraft
· OkCupid
· Stackoverflow