Hey all!
As a sort of Public Service Announcement (PSA): I have recently become aware of a serious security flaw in many of the websites and internet servers used by the majority of the world. The flaw has become known as the Heartbleed bug (CVE-2014-0160) and can let an attacker read whatever happens to be in a server's memory at the time, which can include usernames, passwords, session cookies, emails, messages, bank account details, Social Security numbers and so on, without leaving a trace in the server's logs.
Most social media sites, company sites, bank websites, and even government sites use OpenSSL. OpenSSL is the most widely used open-source cryptographic library; it implements the SSL and TLS protocols. SSL stands for Secure Sockets Layer and TLS for Transport Layer Security, and both are the primary cryptographic protocols used to secure internet communications. The flaw is in OpenSSL's C implementation of the TLS "heartbeat" extension (a missing bounds check), not in the SSL/TLS protocols themselves, so other TLS libraries are not affected by it.
The Heartbleed bug lets an attacker read chunks (up to 64 KB per request) of the memory of any process that uses a vulnerable OpenSSL, and that memory can include the server's private key. With that key the attacker can decrypt recorded traffic to and from the site and even impersonate it. The bug gets its name from the "heartbeat" keep-alive message that a client and server exchange: the client says "echo these N bytes back to me", and a vulnerable server trusts N without checking how many bytes actually arrived, so it replies with whatever was lying in memory after the request. It is not a man-in-the-middle attack: the attacker connects to the site directly, repeats the malformed heartbeat as often as it likes, and collects whatever other users' sessions have left in memory. It does not mean that all of your information is compromised, but it greatly increases the chance of personal information leaking. The bug went unnoticed for about two years (it affects OpenSSL 1.0.1 through 1.0.1f) until it was recently detected by researchers at Codenomicon and Google.
Unfortunately, as a user there is not much you can do to remedy the problem. The companies and website operators must update OpenSSL to the patched version (1.0.1g or later), and since their private keys may have leaked they should also replace their certificates and keys. Once that has happened, you should definitely change your passwords and audit your accounts; changing a password before the site is patched does not help, because the new one can be stolen just like the old. The situation is problematic and unique because the fix happens site by site, so there is no way to tell when the internet as a whole will be secure again. Over 60% of web servers are reported to rely on OpenSSL, so this flaw affects almost every aspect of the internet.
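To make the "trusts N without checking" mechanism concrete, here is an added example (not from the original post, and not OpenSSL's own code) that models the vulnerable heartbeat handler next to the corrected one in C. Server memory is simulated with a single array, the record layout follows RFC 6520 (type byte, 16-bit length, payload, at least 16 bytes of padding), and the secret string placed right behind the record is constructed for the demonstration; all function and variable names are the example's own.

```c
/* Heartbleed-style over-read, modelled in a self-contained way.  Added
 * example: not OpenSSL's code, only the shape of the bug and of its fix. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PADDING 16              /* RFC 6520: at least 16 bytes of padding */
#define MEM_SIZE (3 + 0xFFFF)   /* large enough for any 16-bit claimed length */

/* Simulated server memory: the received record sits at the front, and a
 * constructed "secret" from some other connection sits directly after it. */
static unsigned char memory[MEM_SIZE];
static unsigned char response[MEM_SIZE];
static const char SECRET[] = "user=alice;session=0xC0FFEE";   /* constructed */

/* Write a heartbeat request into memory: type(1) | claimed_len(2, big-endian)
 * | payload | padding, then the secret right behind the record.
 * Returns the record's true length in bytes. */
static size_t build_record(uint16_t claimed_len, const char *payload, size_t payload_len)
{
    size_t record_len = 3 + payload_len + PADDING;
    memset(memory, 0, sizeof memory);
    memory[0] = 1;                                   /* heartbeat_request */
    memory[1] = (unsigned char)(claimed_len >> 8);
    memory[2] = (unsigned char)(claimed_len & 0xFF);
    memcpy(memory + 3, payload, payload_len);
    memcpy(memory + record_len, SECRET, sizeof SECRET - 1);
    return record_len;
}

static uint16_t claimed_length(void)
{
    return (uint16_t)((memory[1] << 8) | memory[2]);
}

/* Vulnerable handler, modelled on the pre-1.0.1g logic: it trusts the length
 * field inside the record and copies that many bytes back, never comparing it
 * with the number of bytes that actually arrived. Returns bytes echoed. */
static size_t heartbeat_vulnerable(size_t record_len, unsigned char *out)
{
    uint16_t claimed = claimed_length();
    (void)record_len;                                /* the bug: never consulted */
    out[0] = 2;                                      /* heartbeat_response */
    out[1] = memory[1];
    out[2] = memory[2];
    memcpy(out + 3, memory + 3, claimed);            /* reads past the record */
    return claimed;
}

/* Fixed handler, modelled on the check added in OpenSSL 1.0.1g: drop the
 * request unless header + claimed payload + minimum padding fits inside the
 * record actually received. Returns -1 when the request is dropped. */
static long heartbeat_fixed(size_t record_len, unsigned char *out)
{
    if (record_len < 3)
        return -1;                                   /* no complete header */
    uint16_t claimed = claimed_length();
    if (1 + 2 + (size_t)claimed + PADDING > record_len)
        return -1;                                   /* silently discard */
    out[0] = 2;
    out[1] = memory[1];
    out[2] = memory[2];
    memcpy(out + 3, memory + 3, claimed);
    return (long)claimed;
}

/* 1 if the secret appears anywhere in the echoed payload, else 0. */
static int secret_leaked(const unsigned char *payload, size_t n)
{
    size_t slen = sizeof SECRET - 1;
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(payload + i, SECRET, slen) == 0)
            return 1;
    return 0;
}

/* Scenario A: 5 real payload bytes claiming to be 64. Returns 1 on leak. */
int vulnerable_leaks(void)
{
    size_t rl = build_record(64, "hello", 5);
    size_t n = heartbeat_vulnerable(rl, response);
    return secret_leaked(response + 3, n);
}

/* Scenario B: the same malformed request against the fixed handler; -1 expected. */
long fixed_rejects_oversized(void)
{
    size_t rl = build_record(64, "hello", 5);
    return heartbeat_fixed(rl, response);
}

/* Scenario C: a well-formed request; the fixed handler echoes exactly 5 bytes. */
long fixed_echoes_honest(void)
{
    size_t rl = build_record(5, "hello", 5);
    long n = heartbeat_fixed(rl, response);
    if (n == 5 && memcmp(response + 3, "hello", 5) == 0 && !secret_leaked(response + 3, 5))
        return n;
    return -2;
}

int main(void)
{
    printf("vulnerable handler leaked secret: %d\n", vulnerable_leaks());
    printf("fixed handler, oversized claim:   %ld\n", fixed_rejects_oversized());
    printf("fixed handler, honest request:    %ld\n", fixed_echoes_honest());
    return 0;
}
```

The fixed handler mirrors the shape of the check added in OpenSSL 1.0.1g: a claimed length that cannot fit inside the bytes actually received is silently discarded rather than answered. In a real server the over-read walks into whatever the allocator happened to place next to the request buffer, which is why repeating the request a few thousand times turns up cookies, passwords and key material from other connections.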
While this is a general view of the Heartbleed bug, a more in-depth analysis and breakdown can be found at the link below.
http://gizmodo.com/how-heartbleed-works-the-code-behind-the-internets-se-1561341209
Stay Safe and Fight On!
Markus