Heartbleed Bug – Serious OpenSSL Encryption Vulnerability

Heartbleed Bug – Serious OpenSSL Encryption Vulnerability

Heartbleed Bug – Serious OpenSSL Encryption Vulnerability

No Comments on Heartbleed Bug – Serious OpenSSL Encryption Vulnerability

A newly identified bug named the Heartbleed Bug has made nearly 70% of all websites on the Internet insecure — over 600 million, to put this in context. There is a major flaw in the security of the World Wide Web — one that has even Internet security firms feeling a little panicked.

The Heartbleed Bug makes the secret keys that encrypt your online data vulnerable to theft. An attacker can easily steal your usernames and passwords, instant messages, emails, business documents and communication from servers with this vulnerability.

The Heartbleed Bug has existed since March 14, 2012. Attackers who exploit it leave zero trace. That means that any website owner affected by this bug has no idea what data may have been compromised since then, or if any data was compromised at all. All that they can do is patch the bug immediately, communicate with customers and take measures to reset their systems.

What's next, and what you can do

There's nothing you can do until the companies managing websites that require log in (banks, online stores, etc, etc) apply the patch for the servers they use. We strongly encourage you to change your password. Everywhere. Beware of websites that are popping up to "check" for the vulnerability. You may be inviting theft of your data.

Where to read more about Heartbleed

Finnish National Cyber Security Center: NCSC-FI is distributing advisories and updates to technical communities.
Heartbleed.com: This contains FAQs with (mostly) simple answers.
CNET: 'Heartbleed' bug undoes Web encryption, reveals Yahoo passwords
Ars Technica: Critical crypto bug in OpenSSL opens two-thirds of the Web to eavesdropping
Before it's News: Heart Bleed Bug Could Compromise Large Part of the Internet

About the author:

Antonel Neculai is a specialist in the area of communications, public relations and social media with extensive background in internet communication technologies. Holds a Master Degree in the field of communications. Besides being a contributor to our blog and many other specialized online and offline publications, Antonel Neculai also holds the position of MIS/Database Manager with the Chamber of Commerce of North Myrtle Beach, South Carolina. Antonel taught Communications and Public Relations classes at Coastal Carolina University for more than four years and worked as a Public Relations Specialist for the Chamber of Commerce of Romania.

Back to Top