11 April 2014

The Internet Heartbleed Bug: What You Must Do to Protect Your Computer and Data

THE HEARTBLEED BUG, WHAT IS IT?

If you use the internet, you may by now have heard of the recently uncovered “Heartbleed Bug.” If you have not, or have heard of it but do not understand it, read this article, because you might be in danger of leaking your sensitive private information.

What is the Heartbleed Bug?

Now, what exactly is the Heartbleed Bug? Wikipedia says it "...is a software bug in the open-source cryptography library OpenSSL, which allows an attacker to read the memory of a server or a client, allowing them to retrieve, for example, a server's SSL private keys." Put another way, it is a serious vulnerability in the popular OpenSSL cryptographic software library.

In very simple layman's terms, the bug gives the ever-present nefarious individuals online the ability to intercept and decode encrypted data. Simple to understand this way, isn't it?

Logo representing the Heartbleed bug. Source: Wikipedia.
The logo and the name "Heartbleed" have contributed to public awareness of the issue.
The following quote comes from heartbleed.com:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
The bug is so named because of a normal function used between two computers sharing an encrypted connection across a network (such as the Internet). The “heartbeat” is simply a pulse, or packet of information, sent from one machine to the other to ensure the connection still exists. This functionality is what allows the exploit to occur: a third party simulates the heartbeat in such a way as to gain access to the memory of the receiving server.

What this translates to is virtually unlimited, and untraceable, access to a myriad of private information which potentially can include usernames, passwords, and even credit card information.
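The heartbeat described above carries a length field set by the sender, and the receiver has to compare that claim with the bytes it actually received before echoing anything back. The C sketch below is an added example, not OpenSSL's code and not part of the original article; the function names and sample messages are hypothetical, and the message layout and 16-byte minimum padding follow RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* message types from RFC 6520 */
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1 type byte + 2 length bytes */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: both carry 4 payload bytes and 16 padding bytes,
 * but the second one claims a 16384-byte payload in its length field. */
static const uint8_t HB_HONEST[23]    = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERCLAIM[23] = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Payload length that is safe to echo, or -1 to discard silently. */
long hb_checked_payload_len(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2]; /* sender-controlled */
    /* The bounds check: the claim must fit in the bytes actually received. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return -1;
    return (long)claimed;
}

/* Writes the response into out; returns bytes written, 0 if discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    long n = hb_checked_payload_len(rec, rec_len);
    if (n < 0 || HB_HEADER + (size_t)n + HB_MIN_PAD > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, (size_t)n); /* validated bytes only */
    memset(out + HB_HEADER + n, 0, HB_MIN_PAD); /* zeros here; TLS uses random padding */
    return HB_HEADER + (size_t)n + HB_MIN_PAD;
}

int main(void)
{
    uint8_t out[64];
    printf("honest:    %zu bytes\n", hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("overclaim: %zu bytes\n", hb_build_response(HB_OVERCLAIM, sizeof HB_OVERCLAIM, out, sizeof out));
    return 0;
}
```

The honest request is echoed in full, while the request whose length field exceeds what was received produces no response at all.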

You have finally gotten the hang of what this bug means and can do, haven't you? So what can you do about it? How do you protect yourself?

Protect yourself from the Heartbleed Bug

In a recent article by Reuters, the reputable news agency reports that "...security experts warn there is little Internet users can do to protect themselves from the recently uncovered "Heartbleed" bug that exposes data to hackers, at least not until vulnerable websites upgrade their software."

What does this mean? It means that although you may be able to do little to protect yourself and your computer from this bug on the internet, the major protection must come from the "operators and owners" of the websites you use (e.g. email providers, banks, social network sites, online shops, etc.). These "operators" must work on their sites to "patch up" this vulnerability, but you must also do something, albeit little (see below).

Reuters further reports that representatives for Facebook Inc, Google and Yahoo Inc say they have taken steps to mitigate the impact on their users. It also reports that although Amazon.com Inc says "Amazon.com is not affected", "...some of its Web cloud services, which provide the underlying infrastructure for apps such as online movie-streaming service Netflix and social network Pinterest, had been vulnerable."

The truth is that the full extent of the situation is not presently known. What is known is that we (you and I) should all consider all of our passwords to be compromised. Thus, we would absolutely want to update any passwords for anything and everything we log into online. However, if you change your password for an account on a server that has not been "patched up", then you can consider the new password compromised as well.

How do you identify a compromised website?

Fortunately, while surfing the net for information on how to combat this serious vulnerability, to ensure constant safety on the internet, I came across a tool offered for free by HostGator, a hosting company, which would allow anyone to determine if any website they are using is safe.

Note that even if the tool says the website you are checking is "SAFE" now, that website may have been recently "patched up" by its "operators or owners", so you must still assume the worst may have happened previously and change all your passwords. The tool just tells us the state of the website now.

To access the free tool to assist you with determining whether or not your site (or any other site) is presently vulnerable, visit: https://heartbleed.hostgator.com/.

For more information regarding this bug, you may read the Wikipedia article on Heartbleed Bug.

5 comments:

  1. Replies
    1. Hey Tee, my good friend, that really did sound good coming from you. Ciao man!

  2. Dear sir, Thanks for answering my query earlier. I also want to know the following. In the first month I pay $ 10 membership fee actually by remitting to AGN. Whether the $ 10 membership fee payable second month onwards can be deducted every month out of $ 40 received from bonus pack for next five months instead of paying it actually to AGN In case I do want to buy any ad packs to maximize the revenue and wish to stop at the end of six months, can I withdraw $ 190 ($ 240- $ 50)

    Replies
    1. Hello Chandra, please stop spamming. Do NOT repeat the same question on different articles' comment sections. It gives rise to off-topic comments, and thus spamming. You already made this same comment before.

  3. Hi Ashley, you're welcome. Thanks!
