Heartbleed, the security bug, is now estimated to potentially risk two-thirds of the Internet Web servers, reports CNN today. The protective software for encryption is infected with a bug that threatens your passwords and sensitive personal information.
It can weaken secure protocols ‘https’ and it has been known since 2011. The bug starts with version 1.0.1 and 1.0.2 beta releases of OpenSSL, an open source encryption technology.
This flaw allows cyber thieves to see up to 64 kilobytes of data at a time, which gives the attackers enough to develop a library of keys to access a system’s secret keys. Those keys are the entry to encrypt and decrypt sensitive traffic and identify service providers.
The security firm, Finnish Codenomicon and Google expert researcher Neel Mehta discovered the bug and its official name is CVE-2014-0160. Heartbleed is appropriate to describe the sorrow it causes it loss of private data.
It is now known what has been invaded but user data and encryption keys on sites must upgrade to the patched version of OpenSSL. In order to secure your software the compromised SSL must be deleted and a new one established.
The researchers at the Finnish firm have put up a dedicated site to answer common questions about the bug. The site displays the bleeding heart to reveal the serious risk and consequences of it attacker.
Google, Facebook, Amazon and other ‘Net’ companies have secured their sites. Yahoo reported that they had an issue on Tuesday morning but the site has been secured.
Web Sites that utilize ‘perfect forward secrecy', which changes security keys so fast that future traffic can't be decrypted even if security is breached, is used by Twitter. Other major social media and big ‘Net’ companies installed this 'scrambled' enabled software last year. They have not announced any negative effect as a result of their move to the encrypted system last year.
Filippo Valsorda has posted open-source code to test for the flaw on GitHub.
Because Heartbleed is at the heart of breaking into encryption it requires significant change at Web sites, which requires a new site. Anyone attacked would change passwords because they are now useless for security. Anyone who has not changed passwords from one Web site to the next site will be completely at risk and will need to change all passwords at all Web sites.
To find more about Cyber Security view the list below in Author’s suggestions and the video atop this article about the Heartbleed bug and how it may affect you.
Twitter: Victoria Wagner@victoriaross888