Don’t Let Your Heart Bleed Out

14/04/2014
By Staff Writers
In Cybershack News

You’ve probably seen a lot of news about the Heartbleed bug. But in case you still don’t have a clue of what it is and how it affects you, we’ve outlined important details about Heartbleed so you’d know how you can protect yourself in case your information was compromised. Basically, the Heartbleed bug is a security vulnerability in OpenSSL – a widely used library that encrypts website and email information…

Follow @CyberShack

Basically, the Heartbleed bug is a security vulnerability in OpenSSL – a widely used library that encrypts website and email information. With Heartbleed, a hacker can pass an incorrect value to an OpenSSL extension and read a small portion of a website host’s memory. The process can be repeated in order to get more information including names, passwords and contents to name a few.

The bug was apparently discovered by researchers from Google and a Finnish security firm, so there is reason to believe that the bug may not have been used as a means to obtain user information in a malicious manner. However, the bug leaves no footprint, so there’s actually no way to be sure that it wasn’t used to gather sensitive information from users (although recent reports say that the US’s NSA already had knowledge of the bug and exploited it for snooping).

After its discovery, the bug was immediately patched by OpenSSL version 1.0.1g, which was released on April 7. So those who are managing their own websites and their own servers should upgrade to the latest version of OpenSSL in order to be safe.

As for ordinary internet users, it’s highly recommended that they change their passwords (which is actually recommended even before the bug was discovered), especially to those websites who use OpenSSL just to be safe in case your personal information was compromised.

Get the freshest tech news from CyberShack