The Heartbleed bug is a newly discovered security vulnerability. It puts users' passwords for many popular websites at risk. Because the issue is serious, there is a lot of confusion about what the bug means for you as you use the web. In this post, let us look at Heartbleed, the latest bug in website security.
First, what is the Heartbleed bug?
It is a vulnerability in website security that allows hackers to access the memory of servers. This means that your personal information on the website is at risk. The information includes your credit/debit card information, passwords, and usernames.
This also means that a hacker could steal the server's keys that are used to encrypt documents and communication.
Why the name Heartbleed?
Heartbeat is the name of one of the extensions in OpenSSL. This protocol is used to keep connections open even when there is no data communication. The bug leaks server memory through this feature, hence the name Heartbleed. To educate people about the bug, the team who coined the name bought the site Heartbleed.com.
Are all sites affected?
This bug affects all sites that use OpenSSL. However, some sites use other SSL options, and others use earlier versions that did not enable the heartbeat feature. Giants like Google and Facebook use PFS (Perfect Forward Secrecy), which mitigates the potential damage.
How does the Heartbleed bug work?
The hacker performs the attack over and over, because each attempt gives access to only up to 64Kbps of server memory. They do not get just your passwords; they also get access to cookie data. As they repeat the attack, more serious information falls into their hands. Using it, they could even run a fake website.
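The following C example is added here for illustration and is not code from the original post or from OpenSSL. A heartbeat request (RFC 6520) carries a sender-supplied payload length, and the example shows the check a server needs: discard any message whose claimed length exceeds the bytes that actually arrived. The function names and the two sample records are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_PADDING = 16 }; /* RFC 6520 */

/* Constructed sample records: type, 2-byte payload_length, payload "ping", 16 padding bytes. */
static const uint8_t HB_HONEST[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t HB_LYING[23]  = { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };

/* Payload length the sender claims in the 2-byte field (at most 65535). */
static size_t hb_claimed_len(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Bytes past the end of the record that a handler trusting the claimed length
 * would copy into its reply. Arithmetic only; no memory is read here. */
size_t hb_unchecked_overread(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + hb_claimed_len(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened handler: writes the response to out and returns its length,
 * or 0 when the message must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    size_t total = HB_HEADER + payload + HB_PADDING;
    if (total > rec_len || total > out_cap) return 0;  /* claim exceeds bytes received */
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];                   /* echo the (validated) length */
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);  /* echo only what arrived */
    memset(out + HB_HEADER + payload, 0, HB_PADDING);   /* real stacks use random padding */
    return total;
}

int main(void)
{
    uint8_t out[64];
    printf("honest: over-read %zu, reply %zu bytes\n",
           hb_unchecked_overread(HB_HONEST, sizeof HB_HONEST),
           hb_build_response(HB_HONEST, sizeof HB_HONEST, out, sizeof out));
    printf("lying:  over-read %zu, reply %zu bytes\n",
           hb_unchecked_overread(HB_LYING, sizeof HB_LYING),
           hb_build_response(HB_LYING, sizeof HB_LYING, out, sizeof out));
    return 0;
}
```

The over-read figure for the second record is how much adjacent server memory a handler without the length check would have placed in its reply; the hardened handler returns 0 and sends nothing.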
Should you change your password?
It is recommended to change your password for many websites. However, you need to wait for the site owner to confirm that the issue has been resolved. If the bug is not fixed, changing the password does not do any good.
How do you check for affected websites?
Developers have created many testing websites to check which sites are affected by the bug. Good testing sites include one from Qualys, a security company, and one from LastPass, a company that makes a password manager.
The main thing is to wait for official confirmation from the website. Many companies have started issuing statements about the health of their sites. If you have any doubt, please contact the respective site's support about its health.
You can use a password manager, which helps you generate random passwords for each account.