An encryption flaw called the Heartbleed bug has exposed one of the biggest security threats the Internet has ever seen, and companies such as Yahoo, Dropbox and GoDaddy have already been affected by it.
Secure websites that use SSL encryption, the ones with “https” (irony alert – the “s” stands for secure) in the URL, were vulnerable to the bug. The SSL layer is meant to protect you when you are logging into your account or performing transactions online, but Google Security researcher Neel Mehta and a software security firm called Codenomicon recently found an error in the programming code that affects OpenSSL web servers. According to Neel and Codenomicon, hackers can get the keys needed to decode and read the data from OpenSSL web servers. The official name for the bug is CVE-2014-0160.
The problem with the Heartbleed bug is that it has the ability to bypass a website’s security layer and reveal all the information that is in the web server memory. The result? Hackers can read and expose your passwords, emails, business documents and other private information straight from your computer.
Before you go disconnecting your internet router – not every website is affected by the Heartbleed bug. Security patches for the bug were announced on Monday; however, many websites are still working on fixing the issue.
To manually check if a website is vulnerable, perform a Heartbleed test (set up by security researcher Filippo Valsorda). Enter the URL of the website first. If the website checks out, it is safe to use. You can also test websites using the Heartbleed checker by LastPass, a password manager service.
The first priority, as mentioned in this blog, is to check if the websites you are using are vulnerable to the bug. If a website is vulnerable, stay away from it until it has been patched.
5 steps to protect yourself: