The internet security flaw, pet named as ‘Heartbleed’ has been in the news for some time. The glitch has opened door for hackers to snoop on the potential information including passwords and credit card number. Even though internet giants have claimed that they have fixed the bug, there is still an overshadow of possible threats. At this juncture, let us dive deep to know more about the ‘heartbleed’ bug, how it affects us and what to do to keep us protected as compiled by cnet.
About ‘Heartbleed’
‘Heartbleed’ is a bug that affects the encryption technique that is used to protect e-mails and other information sent over the internet. The bug was found in the encryption technique called Open Secured Socket Layer generally known as Open SSL which can expose off personal information including passwords, credit card numbers and internal documents.
How does it affect
The Open SSL security encryption has a padlock and ‘https’ to indicate that the traffic is secure. The bug makes it easy for a hacker to fish out potential information from the users’ traffic even under the secured mode. Open SSL being the most commonly used security encryption on the internet is the most vulnerable when considered to the rest. The hacker can steal off information without the knowledge of the user.
Who identified the flaw
The flaw was identified by a Finnish security firm Codenomicon and by an independent Google researcher. The bug had existed for the past two years, however is thought not to be spotted by hackers.
Steps to security
The very step is to be taken by the internet search engines and other giants. Most of these firms have claimed that they have fixed the bug and assured the security of the information. However until these websites fix the bug and gain a new SSL certification there is nothing that can be done from an end users’ part.
Changing the password
Changing the password can also be of no extra security as the flaw will still not be fixed. It is advisable not to make any changes until the bug is fixed by the website as changing the password can be well described as giving a new password for a hacker.
Why some websites are secure
Some of the websites use other SSL options apart from the commonly used Open SSL. The flaw is reported to be affected only on this particular SSL encryption. Those websites that run on earlier versions or have not activated the Heartbleed feature are still safe.
How to know if a website is affected
A few testing sites such as LastPass and Qualys will tell you which websites are vulnerable or safe. Even though these sites provide a green signal it is advised to move ahead with great caution. An official confirmation can be thought to be the best signal to move ahead.
Are my bank accounts safe?
Most of the banks do not use the Open SSL security system rather have their own self proprietary encryption methods. However it is advisable to check with the bank authorities before you go forward. Users are instructed by security firms to keep a watch over their financial statements to identify any unauthorized charges.
No comments:
Post a Comment