Are you 'Heartbleeding'?

Are you afraid of the internet security bug CVE-2014-0160, commonly known as “Heartbleed”?. The bug was discovered on 7 April 2014, by Google researcher Neel Mehta and security firm Codenomicon, who were working independently. It affects OpenSSL which is an open-source software package for the Secure Sockets Layer (SSL) protocol. SSL is meant to prevent someone from eavesdropping on you while you are browsing the Internet by encrypting your data. This bug puts many users’ personal information on a multitude of websites at risk.

The Heartbleed bug is a very serious online security breach, since internet browsing and social networking is vastly popular around the globe. This breach allows the hackers to get bits of your personal information without leaving a trace. Unfortunately, there is no way for you to discover if your information has been stolen or not. Websites that handle e-commerce or personal information, including passwords, usernames, and credit card information are naturally riskier. In case you thought that it couldn’t get any worse, this bug also allows attackers to steal a server’s digital keys, allowing them to get access to a company’s internal documents.

You’re probably wondering how this bug works. The Heartbleed bug allows 64 kilobytes (kB) of server memory to be accessed by the attacker. It doesn’t seem like a major problem, but when attackers perform this task repeatedly, they can secure quite a bit of information. It allows them to get not just the usernames and passwords, but also all the cookie data that Web servers use to save log-in information and to identify users. According to the Electronic Frontier Foundation, by repetitively attacking, it could allow attackers to retrieve sensitive information. This information can allow someone to run a fake version of a website and use it to steal all the information like credit card numbers and private messages.

If you are worried about your personal information getting stolen, you can check which websites are vulnerable to the bug by entering the link to testing sites that have created by developers and companies. LastPass, a password management software developer, has created a nice Heartbleed checker. If the websites were recently patched, the checker would give you a green flag. But you should still proceed with caution, and obviously stop using the red flagged sites until it’s patched. An article written by Mashable included a list of compromised sites, it gives you a general idea of which websites were/are affected, and if you need to change your passwords. Either way, it’s important to change your passwords in case, and to avoid using the same password on multiple sites.

Heartbleed is a serious bug and there might be other security flaws lurking around the Web waiting to hunt you down. You should always watch out on what you do online.