Heartbleed

What exactly is Heartbleed?

It is a bug in a popular open source encryption software called OpenSSL and has apparently been around since 2012. Systems protected by the vulnerable versions of OpenSSL would have been a hacker’s goldmine, as information that is usually protected by Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption has been left exposed.

Who discovered it and how?

Neel Mehta of Google Security and three engineers from the Finnish-based security firm Codenomicon have been credited with discovering it. The flaw was found during vigorous routine security checks and software testing by the respective parties.

So why is it a threat to us? Is it very bad?

An independent security expert, Bruce Schneier, says that “On the scale of 1 to 10, this is an 11.” It is a major threat to all our online accounts, as a large portion of service providers use the SSL/TLS protocols to encrypt any sort of personal data from their users.

This means that much of our personal information such as banking details, communications to and fro, passwords and more have been up for grabs for a very long time with hackers having unrestricted access to them.

Do we know which are the sites affected?

The bug does not discriminate: as long as a site used a vulnerable version of OpenSSL, it would have been affected. Facebook, Pinterest, Gmail and Dropbox are just the tip of the iceberg of the numerous sites that might have been compromised.

Mashable has compiled a pretty neat list here on what some of the top social and service providers say.

Would I know if someone tried to exploit my information?

Unfortunately, no. The way the bug works, it does not leave any traces or irregularities in the computer logs.

So what can I do about it?

Changing your passwords would be your best bet. But wait! Before you do that, you need to make sure that the site has been updated with the released fix (newer OpenSSL versions). Otherwise, you could potentially be compromising both your OLD and NEW data when you log in to change them.

This is a handy and safe tool built by Filippo Valsorda where you can check if a specific site remains vulnerable to attacks.

 Lyn Ong
