Career Testing
Career Testing
Career Testing
WEB & TECH / APR. 11, 2014
version 6, draft 6

Heartbleed bug - Time to Change Your Password or Else...

Heartbleed bug

As far as internet security is concerned, you are as secure as your weakest link. Hackers are continually looking for loopholes in Content Management Systems, Operating Systems, Web Applications and Databases. The latest loophole that poses great danger to the internet user is what has been christened, the heartbleed bug.

The heartbleed bug was discovered only couples of days ago and by the time of its discovery by security experts, at least 66% of internet users using the OpenSSL were reportedly affected. OpenSSL is a very popular encryption standard and it is in fact the defacto encryption standard for many applications. Hackers have exploited the loophole in the OpenSSL that allows extraction of massive loads of data from the normal day to day services that users often assume are secure enough.

The Heartbleed bug gives anyone an opportunity to compromise private keys and this can be used to steal the website traffic, the database of the customer or other sensitive business documents. The bug is really dangerous since it manages to achieve all this and more without leaving a trace.

What loophole does Heartbleed bug exploit?

The exploit can be blamed on a weakness in the OpenSSL standard for encryption. This encryption standard is used by many websites for transmission of data that the users want to transmit securely. Typically, this encryption provides a secure connection when one is sending an email message or when sending an instant message via online chat software. Encryption mainly works by making the data sent appear like some nonsensical clutter to anybody else except the intended recipient.

For the connection to be sustained, one of the nodes often sends out a data packet to the other node to ensure the connection is still active. This data packet is what is referred to as a heartbeat. This is the loophole that hackers have exploited since it is possible to send a packet that is disguised as a heartbeat with the principal aim of tricking the computer into sending data that is stored in memory.

The Solution?

To avoid losing your important data, it is highly recommended that you reset all passwords to your online accounts. However, you should only reset your password if the heartbleed bug has been fixed on the website otherwise, resetting the password may not yield results. Examples of websites that have been patched include:

  • Google, YouTube and Gmail
  • Facebook
  • Yahoo, Yahoo Mail, Tumblr, Flickr
  • OKCupid
  • Wikipedia

The sites in question say that it is safe and highly recommended that you reset your passwords for the above websites. Apple and American Express are yet to patch the bug so don’t reset your passwords jut yet- unless you get confirmation of the patch. If you want to check to see if a website has been patched for yourself there are numerous websites such as Qualsys.

As we have already seen, the heartbleed bug only affects websites that use the OpenSSL encryption. This means that not all websites were affected. Examples of websites that were not affected include:

  • Amazon.com
  • Paypal.com
  • Citibank.com
  • LinkedIn.com
  • Microsoft.com
  • Twitter.com
  • Chasebank.com

You therefore don’t need to reset your password for the above websites.

When resetting your passwords, make sure you have used strong passwords to enhance your online security. A strong password is at least 8 characters long and it is a combination of letters, numbers, special characters and lower-case and upper case letters. 

SOURCES
money.cnn.com
Get our FREE eBook!
'6 Steps to Landing Your Next Job'

LEAVE A COMMENT

0 comments

 

RELATED ARTICLES

5 Best Password Manager Apps for your Android
WEB & TECH / MAR 06, 2015

Security, whether that is on your work pc, home laptop or mobile device, is vital. With the number of worldwide cyber-attacks and viruses that can hack into your personal...

5 Must-Have Password Managers
WEB & TECH / APR 22, 2015

Managing passwords can be a very tricky affair. First, if your password is not strong enough, your account might end up being hacked. Secondly, if you have multiple...

How Facebook Atlas can Change your Business
WEB & TECH / FEB 01, 2015

With the growing trend of smartphones and tablet use, it is important to optimize ads and marketing strategies to suit the trend. Facebook launched an ad analysis...

How to Prioritize Your Time and Energy to Start a Blog
WEB & TECH / DEC 14, 2014

Starting a blog may be easy, but keeping it going is a challenge that very few people have the time and energy for. Your blog will only grow if you add valuable content a...

copier
WEB & TECH / DEC 12, 2014

The office photocopier is one of the most resilient items of machinery to have defied the rush of office automation that has swept the world of work for decades now...

Real-Time Marketing and What It Means For Your Business
WEB & TECH / JUN 20, 2014

Real-time marketing is a marketing strategy that all businesses should embrace, including yours. This form of marketing is fresh, spontaneous and it looks like it’s here...

Get our FREE eBook!
'6 Steps to Landing Your Next Job'
G up arrow