Internet is one of our daily needs as we mostly spend our time to surf on internet for needful transactions. Our virtual network is full of expected and unexpected happenings. From Google to Twitter all big names assist visitors to experience the web differently. But in recent times many virtual attacks has also showing their virtual presence on the web, which costs visitors virtually and financially. Among of them Codenomicon and Google team has recently discovered a new bug independently, which poses a serious vulnerability in the OpenSSL cryptographic software library.
Note: OpenSSL core library is written in C programming language, which implements the basic cryptographic and other utility functions. It is an open source implementation of TLS and SSL protocols.
In this article I have mentioned the brief introduction of heartbleed bug and its impact on the web services. Readers are advised to visit https://www.cert.fi/en/reports/2014/vulnerability788210.html to read its full technical specifications.
Heartbleed in brief:
Heartbleed is a security bug in most popular OpenSSL library which works with the implementation of TLS and DTLS(Datagram transport layer security) of OpenSSL. It allow anybody to read the memory of protected systems by the vulnerable version of OpenSSL. It also allows cyber criminals to steal confidential data from various sources over the web such as email communication, online financial transactions, social networks and many more. Heartbleed is also technically named as a CVE-2014-0160 for official reference and is maintained by MITRE.
Why Heartbleed so dangerous
Usually in many software or web applications when a certain bug is found then it is fixed by modified version of particular software or web applications. But in the case of heartbleed it lefts large amount of private keys and exposed various secrets on the web. So considering these exposed web secrets, OpenSSL team take this threat on priority basis and flag this bug as “Dangerous” over the the web.
Note: Heartbleed arise from implementation(programming) issue in OpenSSL library which provides cryptographic services such as TLS/SSL to the web services.
Safety measures to protect yourself from heartbleed bug
Encryption of data provides extra security to users data and securely transfers his/her data over the web. SSL and TLS protocols ensures the transmission of encrypted data over the secure path. It mainly used to encrypt traffic on the web. But as heartbleed recently opens the loopholes in this secure path so readers are advised to adopt few safety measures to protect their important data from this bug.
a) As OpenSSL mostly used in securing email servers,chat servers,virtual private networks and various other client side software. So it is recommended to change your usernames and passwords from all reputed websites such as gmail, facebook, reditt, pinterest etc.
b) Remove all temporary cookies and browser cache from your computer, laptops. As it increased the threat to read session data from existing cookies from the system.
c) Please check and approve valid digital security certificate while visiting any particular website.
d) Scan your computers and laptops for any existing bugs, which could transfer your files upon connecting to the internet.
e) Use Online banking securely. Always use valid and verified URL(uniform resource locator) for online banking.
Note: By the writing of this article a patch has been released by OpenSSL team to fix heartbleed bug. Readers are advised to visit https://www.openssl.org/news/secadv_20140407.txt to see detailed information on heartbleed fix.
Uploaded by: Author