Heartbleed Bug Exposed the Internet
On Tuesday, news broke that the safeguard many websites use to protect sensitive information on the internet has had a major security flaw for about two years. These sites use a security system called OpenSSL to encrypt data like content, passwords, and Social Security numbers. But thanks to a small coding error in a popular version of OpenSSL, nicknamed "Heartbleed", hackers can potentially steal sensitive data from vulnerable websites. Richard Bejtlich, chief security strategist at FireEye, a network security company, notes that there's no evidence that malicious hackers have exploited the flaw yet.
Today, when I signed into my SoundCloud account to check my plays, SoundCloud logged me out after 2-3 minutes and showed a message about the Heartbleed bug. The first question that arose in my mind was, "What exactly is Heartbleed, and how has it exposed internet security to hackers?"
Well, the Heartbleed bug is an internet vulnerability that could let attackers gain access to users' passwords and fool people into using bogus versions of Web sites. Some already say they've found Yahoo passwords as a result.
The problem, disclosed Monday-Tuesday midnight, is in open-source software called OpenSSL that's widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where the most sensitive data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server's digital keys and then use them to impersonate servers or to decrypt communications from the past or potentially the future, too.
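How one missing length check can hand back neighbouring memory, as an added example that is not code from this post or from OpenSSL: a constructed, in-process model of an echo routine that trusts the length a request claims, next to a version that compares the claim with what actually arrived. The record layout, the struct, the function names and the secret string are all simplified assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the received record comes first,
 * and unrelated data (a made-up secret) sits directly behind it. */
#define REC_MAX 16
struct sim_memory { uint8_t record[REC_MAX]; char secret[32]; };

/* Simplified record: 1 type byte, 2-byte big-endian claimed length, payload. */
static size_t claimed_len(const uint8_t *r) { return ((size_t)r[1] << 8) | r[2]; }

/* Flawed echo: trusts the claimed length and ignores how much arrived.
 * The copy is clamped to the simulated memory so the demo stays defined C. */
size_t echo_vulnerable(const struct sim_memory *m, size_t rec_len, uint8_t *out, size_t cap) {
    size_t n = claimed_len(m->record);
    (void)rec_len;                          /* never consulted: the bug */
    if (n > sizeof *m - 3) n = sizeof *m - 3;
    if (n > cap) n = cap;
    memcpy(out, (const uint8_t *)m + 3, n);
    return n;
}

/* Hardened echo: discard any request that claims more than was received. */
size_t echo_hardened(const struct sim_memory *m, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < 3 || rec_len > REC_MAX) return 0;
    size_t n = claimed_len(m->record);
    if (n > rec_len - 3 || n > cap) return 0;
    memcpy(out, m->record + 3, n);
    return n;
}

/* Constructed request: 4 real payload bytes plus a chosen claimed length. */
size_t make_request(struct sim_memory *m, uint16_t claim) {
    memset(m, 0, sizeof *m);
    m->record[0] = 1;                       /* request type */
    m->record[1] = (uint8_t)(claim >> 8); m->record[2] = (uint8_t)(claim & 0xff);
    memcpy(m->record + 3, "ping", 4);
    strcpy(m->secret, "session=CONSTRUCTED-SECRET");
    return 7;                               /* bytes actually received */
}

int main(void) {
    struct sim_memory m; uint8_t out[64];
    size_t got = make_request(&m, 40);      /* claims 40 bytes, sent 4 */
    size_t n = echo_vulnerable(&m, got, out, sizeof out);
    /* secret begins at struct offset 16, i.e. reply offset 16 - 3 = 13 */
    printf("vulnerable: %zu bytes, tail: %.*s\n", n, (int)(n - 13), (char *)out + 13);
    printf("hardened:   %zu bytes\n", echo_hardened(&m, got, out, sizeof out));
    return 0;
}
```

An honest request (claimed length 4) gets the same 4-byte reply from both routines; only the oversized claim separates them, which is why normal traffic never revealed the flaw.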
Security vulnerabilities come and go, but this one is extremely serious. Not only does it require significant change at Web sites, it could require anybody who's used them to change passwords too, because they could have been intercepted. That's a big problem as more and more of people's lives move online, with passwords recycled from one site to the next and people not always going through the hassles of changing them.
"We were able to scrape a Yahoo username & password via the Heartbleed bug," tweeted Ronald Prins of security firm Fox-IT, showing a censored example. Added developer Scott Galloway, "Ok, ran my heartbleed script for 5 minutes, now have a list of 200 usernames and passwords for yahoo mail...TRIVIAL!"
How can we secure our identity?
Well, we can protect ourselves by:
- Changing our passwords.
- Using Virtual Private Network (VPN) software such as Hotspot Shield, Steganos Online Shield 365, etc.
Here is a list of some major websites that have patched the Heartbleed bug.
| Site | Qualys | Confirmation From Site |
|---|---|---|
| Google | Pass | Vulnerability patched. Password change recommended |
| Facebook | Pass | Vulnerability patched. Password change recommended |
| Instagram | Pass | Vulnerability patched. Password change recommended |
| Youtube | Pass | Vulnerability patched. Password change recommended |
| Yahoo! | Pass | Vulnerability patched. Password change recommended |
| Amazon | Pass | Was not vulnerable |
| Wikipedia | Pass | Vulnerability patched. Password change recommended |
| LinkedIn | Pass | Was not vulnerable |
| Ebay | Pass | Was not vulnerable |
| Paypal | Pass | Was not vulnerable |
| Twitter | Pass | Was not vulnerable |
| Chase | Pass | Was not vulnerable |
| CNET | Pass | Was not vulnerable |
| CBSSport | Pass | Was not vulnerable |
| Blogspot | Pass | Vulnerability patched. Password change recommended |
| Bing | Pass | Vulnerability patched. Password change recommended |
| Live | Pass | Vulnerability patched. Password change recommended |
| Craigslist | Pass | Awaiting response |
| Pinterest | Pass | Awaiting response |
| CNN | Be on alert | Awaiting response |
| Tumblr | Pass | Vulnerability patched. Password change recommended |
| Espn.go.com | Pass | Awaiting response |
| Wordpress | Pass | Awaiting response |
| Imgur | Pass | Awaiting response |
| MSN | Be on alert | Vulnerability patched. Password change recommended |
| Microsoft | Pass | Vulnerability patched. Password change recommended |
| Flickr | Pass | Vulnerability patched. Password change recommended |
| Blogger | Pass | Vulnerability patched. Password change recommended |
| Googleusercontent.com | Pass | Vulnerability patched. Password change recommended |
| Feedbin | Pass | Vulnerability patched. Password change recommended |
| Pinboard | Pass | Vulnerability patched. Password change recommended |
| Getpocket | Pass | Vulnerability patched. Password change recommended |
| Wellsfargo | Pass | Awaiting response |
| Wordpress.com | Pass | Awaiting response |
| Huffington Post | Be on alert | Awaiting response |
| Reddit | Pass | Awaiting response |
| Netflix | Pass | Awaiting response |
| Weather.com | Be on alert | Awaiting response |
| IMDb | Be on alert | Awaiting response |
| Yelp | Pass | Awaiting response |