
"Heartbleed"...

Heartbleed, a bug within OpenSSL, is making headlines this week, and while it might seem like a rather technical issue, it has some real-world ramifications that could impact the online services you use every day. Even worse, there's really no way to tell what malicious activity has occurred thanks to Heartbleed.

 

Heartbleed is a vulnerability in OpenSSL, an open source encryption library. It's so named because it affects OpenSSL's heartbeat feature, which is a way to ensure that there is still communication between each end of a connection. An attacker can send a request that mimics a heartbeat and get back data from the server's memory that was never meant to be shared.

 

No matter how secure you think your information is, it's not. The same goes for passwords, even if they're 16 characters long and filled with a nonsensical mix of symbols and numbers. Malware analyst Mark Loman demonstrated that some Yahoo Mail passwords are easily viewed in plain text as a result of Heartbleed. 

 

If you're a security expert, then you're already on the case. But if you're just a regular Internet user like the rest of us, you undoubtedly have a few questions, which we'll answer here.

 

What sort of applications does Heartbleed affect? Web, email, instant messaging, and virtual private networks. So pretty much everything you use online on a regular basis.

 

How many servers are vulnerable because of Heartbleed?  Experts estimate that about two-thirds of the world's servers are affected.

 

Who discovered Heartbleed?  Researchers from security testing and software company Codenomicon and Google.

 

How long has this been going on?  The vulnerability was in the OpenSSL code released in March 2012.

 

Should I be concerned?  Yes. Information you believed to be secure might not be, and it's possible that it might have been obtained by scammers.

 

How can I tell if I've been affected? Because your information stretches across such a vast array of sites and applications, there's really no way to tell. The vulnerability means servers cannot detect the difference between real use and an attack. If you want to know what specific sites have the Heartbleed bug, LastPass has a tool where you can type in specific URLs and see if they are on the list. There's also a list on GitHub which details the sites that are reportedly affected by Heartbleed.

 

What can I do?  There's not much you can do except to change your passwords, but unless the affected sites have rolled out the available fix, that might not do the trick. The best you can do is hope that affected sites install the fix, while monitoring your accounts for unusual activity. Frequently changing your passwords is a good idea no matter what.

 

For more, check out our guide to making up very strong passwords, and our closer look at the best password managers. / Ziff Davis, Inc

 

 
