Read the Beforeitsnews.com story here. Advertise at Before It's News here.
Profile image
By [Blank]\\\'s Universe
Contributor profile | More stories
Story Views
Now:
Last hour:
Last 24 hours:
Total:

Are you 'Heartbleeding'?

Tuesday, April 15, 2014 14:28
% of readers think this story is Fact. Add your two cents.


Are you afraid of the internet security bug CVE-2014-0160, commonly known as “Heartbleed”?. The bug was discovered on 7 April 2014, by Google researcher Neel Mehta and security firm Codenomicon, who were working independently. It affects OpenSSL which is an open-source software package for the Secure Sockets Layer (SSL) protocol. SSL is meant to prevent someone from eavesdropping on you while you are browsing the Internet by encrypting your data. This bug puts many users’ personal information on a multitude of websites at risk.

The Heartbleed bug is a very serious online security breach, since internet browsing and social networking is vastly popular around the globe. This breach allows the hackers to get bits of your personal information without leaving a trace. Unfortunately, there is no way for you to discover if your information has been stolen or not. Websites that handle e-commerce or personal information, including passwords, usernames, and credit card information are naturally riskier. In case you thought that it couldn’t get any worse, this bug also allows attackers to steal a server’s digital keys, allowing them to get access to a company’s internal documents.

You’re probably wondering how this bug works. The Heartbleed bug allows 64 kilobytes (kB) of server memory to be accessed by the attacker. It doesn’t seem like a major problem, but when attackers perform this task repeatedly, they can secure quite a bit of information. It allows them to get not just the usernames and passwords, but also all the cookie data that Web servers use to save log-in information and to identify users. According to the Electronic Frontier Foundation, by repetitively attacking, it could allow attackers to retrieve sensitive information. This information can allow someone to run a fake version of a website and use it to steal all the information like credit card numbers and private messages.

Although many websites can be affected by the bug, there are sites that does not use OpenSSL, or uses the earlier version of the software. The versions of OpenSSL that are affected are 1.0.1 through 1.0.1f. Some tech giants that support Perfect Forward Secrecy (PFS), like Facebook and Google, can prevent this bug from attacking. PFS is designed to prevent attackers from decrypting an encrypted key they retrieve from the bug by generating a new key periodically. If an attacker did get an encryption key out of a server’s memory, they will not have enough time to decrypt the key before the new key is generated. This does not solve the problem, but it does mitigate it.

If you are worried about your personal information getting stolen, you can check which websites are vulnerable to the bug by entering the link to testing sites that have created by developers and companies. LastPass, a password management software developer, has created a nice Heartbleed checker. If the websites were recently patched, the checker would give you a green flag. But you should still proceed with caution, and obviously stop using the red flagged sites until it’s patched. An article written by Mashable included a list of compromised sites, it gives you a general idea of which websites were/are affected, and if you need to change your passwords. Either way, it’s important to change your passwords in case, and to avoid using the same password on multiple sites.

Heartbleed is a serious bug and there might be other security flaws lurking around the Web waiting to hunt you down. You should always watch out on what you do online.

Source – Codenomicon

Originally posted at http://www.blanksuniverse.ca .


Source: http://www.blanksuniverse.ca/2014/04/are-you-heartbleeding.html


Before It’s News® is a community of individuals who report on what’s going on around them, from all around the world.

Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.

"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.

Please Help Support BeforeitsNews by trying our Natural Health Products below!


Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST

Order by Phone at 866-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST

Order by Phone at 866-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST


Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!

HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation.

Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.

MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)

Oxy Powder - Natural Colon Cleanser!  Cleans out toxic buildup with oxygen!

Nascent Iodine - Promotes detoxification, mental focus and thyroid health.

Smart Meter Cover -  Reduces Smart Meter radiation by 96%! (See Video).

Report abuse

    Comments

    Your Comments
    Question Razz Sad Evil Exclaim Smile Redface Biggrin Surprised Eek Confused Cool LOL Mad Twisted Rolleyes Wink Idea Arrow Neutral Cry Mr. Green

    MOST RECENT
    Load more ...

    SignUp

    Login

    Newsletter

    Email this story
    Email this story

    If you really want to ban this commenter, please write down the reason:

    If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.