The Heartbleed bug might just be the most potentially hazardous lapse in security in the history of the internet. The bug, affecting the most commonly used platform (OpenSSL) to offer secure internet pathway has majority of the major websites susceptible to being easily crippled.
OpenSSL is by far the most widely deployed method to create a secure pathway between the remote server and the end–user. Unfortunately the Heartbleed bugs affects this very platform. Though the companies who have been affected pride themselves in offering top–of–the–line encryption, the pathway itself can be compromised and hackers can easily steal away data acting as the man–in–the–middle.
The bug has affected many popular websites and services. Some of the most prominent examples are Gmail and Facebook. Needless to say these are ones you use every day. These platforms could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years, reports Mashable, who has reached out to individual service providers and collated their responses. Additionally, Password Management tool LastPass has offered a simple tool to check whether the service you use is susceptible to compromised or not.
Fortunately, even before the official disclosure of the Heartbleed bug became commonly known, Social Media portal Facebook had taken corrective action. Others like Instagram, Pinterest and Tumblr too were quick to respond to the Heartbleed threat and patched their servers with the update that is currently available on the OpenSSL portal.
Interestingly, portals like LinkedIn, Apple, Amazon, Microsoft, and many other platforms have steered clear of the potential disaster having chosen not to use OpenSSL to offer a secure pathway. Even in case of multiple eCommerce platforms like eBay, Groupon, Paypal, Target, and Walmart are completely immune. However, the most sensitive sector of them all, the banks, appear to be unanimously against using OpenSSL and all those contacted confirmed they aren’t in the threat zone.
The little green padlock symbol, in the upper left corner of the address bar, once stood as a comforting sign of security. Typically the symbol was accompanied with a special HTTPS preceding the web–address (unprotected addresses have HTTP). These methods reassured users that the data sent across was highly secured. However, the Heartbleed bug proved that it is no longer necessarily the case, explained IBTimes.
While the majority of services must have already patched their servers, the internet and networking experts are strongly urging users to immediately change all passwords for all the internet based services they are using. This is because hackers quite commonly snoop around the compromised account to get hints and clues about getting into other associated accounts of the compromised user. With the Heartbleed bug, compromising accounts have never been easier.
[Image Credit | mobilesyrup]