What is Heartbleed?
Heartbleed is a security bug which was discovered in OpenSSL open source library - which is used to execute the transport layer protocol for security. Heartbleed is a grave vulnerability that allows attackers to steal protected information using the SSL/TLS encryption. The bug has been classified of the type buffer over-read, which tends to read parts of memory that are not intended for access. Systems using the vulnerable OpenSSL versions are at risk since the bug captures secret keys, usernames and passwords in order to gain access and steals data from the system, impersonating to be actual users. It tends to jump the buffer boundary to capture memory not meant for it. Such a triggered bug can cause erratic behavior or errors in a program , which can also lead to system crash.
Why is it being talked about?
Heartbleed has been existing for over two years now, and the discovery was made only recently. Moreover, it has been termed catastrophic by experts, which is why this bug is in spotlight. This security bug had floundered the systems of millions of users, that is, a whopping 66% of the internet users. Even some highly popular websites were affected by this flaw, since numerous usernames and password details were also compromised.
How to detect if you're bitten by the Heartbleed bug?
If you wish to know whether Heartbleed has affected your account or not, you can check it for free on some websites that offer this service.
These websites tell a user if their email account has ever been hacked in the past. They also notify users if it is compromised even again in future.
What step to take if your account is hacked?
Changing the password is the first thing you should do when you come to know that your credentials were tampered with. You can also use a password management tool such as 1password or LastPass.
A fix has also been released, Fixed OpenSSL - which can be deployed by service providers, operating system vendors, appliance and software vendors.
These bugs and viruses will come and go.. and may cause havoc too. But the onus is upon us to ensure that we follow safe browsing practices. Hope this information helps you maintain a secure cyber environment. Happy surfing!