What Is The Heartbleed Bug?

By   ISBuzz Team
Writer , Information Security Buzz | Jun 16, 2014 01:18 am PST

Here at IDF Marketing we are passionate about all things digital. We, along with many others, have become aware of the latest threat to digital security, the Heartbleed bug.

The Heartbleed bug is vulnerability in OpenSSL encryption software, which can be exploited to steal data such as credit card numbers, passwords and other personal information. This poses major concerns for business owners and website owners across the globe due to the fact that the majority of these websites incorporate this form of encryption.

Many are saying that this virus could indeed be one of the biggest security threats that the Internet has ever seen. However, contrary to the belief of many, this bug is not new! The Heartbleed Bug has in fact been present in OpenSSL code since early March of 2012. The vulnerability exposed in recent weeks has therefore been open to exploitation for more than two years.

So how do I stop it from affecting me I hear you ask? Well, there are several ways to protect yourself from this security risk but before we discuss these, it is important that we first explain how exactly this bug works.

When messaging back and forth on a secure connection, sometimes a computer wants to check if the other computer is still available. They carry out this check by sending a small packet of data to the other computer. For example, “Are you available? Reply yes (3 letters)”. This is called a “heartbeat” which should then be confirmed by the responding computer.

This is where the Heartbleed flaw is exposed. The Heartbleed bug enables the hacker to lie about the length of the heartbeat required. Instead of requesting 3 letters, they will now look for 300. This new request results in the responding computer sending back far too much information, which can often include sensitive information such as passwords, login details and credit card numbers.

So, again you ask, how do I protect myself from this online threat? Well, the answer is pretty simple – Change your passwords! However, this will only help if the website in question has patched their security with the latest fixes.

For those of you who would like that little bit of extra security, Firefox have a free browser add-on that allows the user to check a website’s code for vulnerabilities. This ensures you are always protected. Another important check to make is that your home router has not been compromised in any way. Finally, be very careful when downloading or installing any software updates.

So now you know what the Heartbleed bug is, what it does and how to stop it. You are now well equipped to keep yourself and your personal data safe from both the Heartbleed bug and the hackers it attracts. Please see our infographic for a list of popular websites affected by the bug.

That concludes our piece on the Heartbleed bug. We hope you take our advice on board and please feel free to like and share as often as you wish.

Basic RGB