Heartbleed Bug Identified; A Critical Security Bug that has been Plaguing the Internet for over 2 years already

Heartbleed Bug Identified; A Critical Security Bug that has been Plaguing the Internet for over 2 years already

Internet security experts revealed earlier this week that they have discovered a bug plaguing the internet that may have put over 66 percent of the web at risk for credit card, password and personal information leaks.

heartbleed

Named as the Heartbleed Bug by the researchers and experts who discovered it, the newly discovered security flaw affects the SSL (Secure Sockets Layer) security protocol of the Internet, specifically the Open SSL.

What SSL does is it encrypts your log in credentials and your personal information whenever you log into a website. Although there are different implementations of SSL made by different software makers, OpenSSL is used by over two-thirds of the current active websites across the globe.

What’s alarming is that the Heartbleed Bug managed to stay undetected for over two years, until its recent discovery. Although Facebook, Twitter, Google, Microsoft and Dropbox weren’t affected, Yahoo was, including OKCupid and Flickr.

Screen Shot 2014-04-10 at 1.29.57 PM

Internet expert Ronald Prins of Fox-IT even tweeted the other day that by running the Heartbleed bug script, he was able to extract Yahoo usernames and passwords. Yahoo issued a statement that “As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr, and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”

There’s no ultimate way to protect ourselves. Until affected websites adopt the necessary fix, the only thing we can do on our end is to change our online account passwords.

Screen Shot 2014-04-10 at 1.39.57 PM

To check if a website is vulnerable to the Heartbleed bug, there’s a simple tool on the internet published by Developer and cryptography consultant Filippo Valsorda, known as the Heartbleed Test. As much as the tool isn’t really a hundred percent reliable, you can also check affected sites’ official blogs and twitter feeds to know their current status.

 

Bert Padilla

Founding-Editor of Cebu Tech Blogger where he shares insights in eCommerce, Digital Marketing, Ad Ops, Tech, Startups, Technopreneurship, Life Goals and Hacks. He's the brainchild and ninja of a Cebu-based digital agency, TekWorx.Digital, with ventures TekWorx, (eCommerce and Digital Marketing), AdWorx (Outsourced Ad Ops for Publishers) and BlogWorx (full-fledged Blog Development service). Read his Full Curriculum Vitae. For training and consultancy, services, speaking engagements, blog partnerships or media invites, click here. Alternatively, get in touch with him on Messenger.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close Menu