Even Secure is not Secure anymore: Heartbleed bug
Heartbleed Bug: All you want to know
Until now, whenever we did any transaction on the Internet, whether it was online shopping, transferring money through online banking, or logging into Gmail or Facebook, we always checked for the LOCK, which assured us that our transactions and the information we entered were safe behind strong encryption technology. It doesn’t matter who you are: a technology expert, a businessman or an ordinary person with access to the Internet, everyone simply trusted this lock.
What does this LOCK mean?
Before going to the main topic, I would like to explain briefly what the lock is, as it's important for everyone to know. If we ask anyone about the lock, they will generally say that the lock represents secured, i.e. “https”, but there is a big technology working behind this channel to make it secure, known as SSL (Secure Sockets Layer). This is a protocol commonly used to secure data transmission over a network (the Internet or any other network). It basically encrypts all the data you send over the Internet, and this data can only be read by the server that knows its decryption code (or key).
The flow chart below, by Powersolution, explains in detail how SSL works.
What is Heartbleed?
The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This bug was discovered by a member of Google’s security team and a software security firm called Codenomicon. The bug affects web servers running Apache and Nginx software, and it has the potential to expose private information users enter into websites, applications, web email and even instant messages. So I can say that all the information you have entered on a website by trusting the LOCK is no longer secure, and anyone can read the data you have entered, such as credit card numbers, passwords, email addresses, account numbers, etc.
Check the video below by http://mashable.com explaining the Heartbleed bug.
How to Protect
Users:
As this bug was first discovered by researchers, we can be somewhat assured that our information is safe, but it's hard to say whether hackers or someone else had already exploited the bug before that.
So, Internet users first have to identify whether the websites they use are affected. You can check the text file uploaded on GitHub, which contains the list of websites vulnerable to and affected by this bug. If you don’t want to check the huge list, you can visit HeartBleed Checker, which lets you enter the URL of any website to check its vulnerability to the bug. If the site is vulnerable, please change your passwords immediately.
For Server Owners & System Admins:
Only the 1.0.1 and 1.0.2-beta releases of OpenSSL are affected, including 1.0.1f and 1.0.2-beta1. To fix the bug you can upgrade to OpenSSL 1.0.1g or, if it's not possible for you to upgrade right now, you can recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option.
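One way for an admin to check a server against the version range and rebuild option described above, as an added example that is not part of the original article. The function name, the status labels and the sample inputs are assumptions made for illustration; the input is the text printed by `openssl version -a`.

```shell
#!/bin/sh
# Added example: classify an OpenSSL build against the affected range
# stated in the article (1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1).

heartbleed_status() {
    info=$1
    # The first line looks like "OpenSSL 1.0.1f 6 Jan 2014".
    version=$(printf '%s\n' "$info" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    version=${version%-fips}   # some vendor builds append "-fips"
    if [ -z "$version" ]; then
        echo "unknown"
        return 0
    fi
    case $version in
        1.0.1|1.0.1[abcdef]|1.0.2-beta|1.0.2-beta1)
            # In the affected range: check whether heartbeat support was
            # compiled out with the option named in the article.
            case $info in
                *-DOPENSSL_NO_HEARTBEATS*) echo "mitigated" ;;
                *) echo "affected" ;;
            esac ;;
        *) echo "not-affected" ;;
    esac
}

# Constructed sample inputs (not captured from real hosts).
SAMPLE_AFFECTED='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O2'
SAMPLE_REBUILT='OpenSSL 1.0.1e 11 Feb 2013
compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O2'

for sample in "$SAMPLE_AFFECTED" "$SAMPLE_REBUILT" "$SAMPLE_FIXED"; do
    first_line=$(printf '%s\n' "$sample" | head -n 1)
    printf '%s -> %s\n' "$first_line" "$(heartbleed_status "$sample")"
done

# Classify the OpenSSL binary on this host, if one is installed.
printf 'local openssl -> %s\n' \
    "$(heartbleed_status "$(openssl version -a 2>/dev/null)")"
```

Distribution packages can carry a backported fix under an unchanged version string, so confirm an "affected" result against the vendor's package changelog or advisory.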
Visit heartbleed.com for more information and the latest updates on the bug.