The Heartbleed bug has been in the news over the past few weeks owing to the massive impact it may have had on online transactions and web security. Heartbleed is a bug in the OpenSSL implementation of the SSL protocol that went largely undetected until very recently. According to conservative estimates, over 17% of the internet's web traffic dealing in data transactions over secure web servers has been vulnerable to the Heartbleed bug, including the possible leak of usernames, passwords and email IDs. Now that Heartbleed has been detected and a security patch applied by almost every website worth its salt, let us take a look at the possible data breaches that the Heartbleed bug exposed the online world to.
What is the Heartbleed Bug?
Heartbleed is a security bug in the open-source OpenSSL cryptography library that was accidentally discovered by security firm Codenomicon. In simple terms, the bug affected the way open-source software, including OpenSSL, that is used for a large number of secure data transactions operated. The presence of the Heartbleed bug in OpenSSL meant that usernames, passwords, credit card numbers and other sensitive information such as website security certificates were all at risk of being leaked to hackers. Since OpenSSL is one of the most widely used pieces of software for encrypting the communication of sensitive information, Heartbleed is considered to be one of the biggest security threats the internet has ever witnessed.
Working Mechanism of the Heartbleed Bug:
The Heartbleed bug made secure servers vulnerable to attacks, including theft of server data that reveals sensitive user information such as personal details, session cookies and passwords. Since Heartbleed went undetected for more than two years, it is hard to gauge the impact the bug might have had on data theft cases. Technically speaking, the Heartbleed bug was registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160, affecting the encryption technology. The same technology that was designed to encrypt sensitive user data over secure server transactions was being compromised by the presence of the Heartbleed bug. Heartbleed worked by creating an opening in SSL/TLS that allowed interlopers to get hold of data that was meant to be protected by encryption.
Security Tips to Avoid Heartbleed Bug Related Woes:
While the Heartbleed bug was present for more than two years and remained undetected, it is not known how many cases of data theft actually occurred because of it. Most websites have now applied a security patch that fixes the Heartbleed bug, allowing for safe and secure OpenSSL transactions.
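For administrators who want to confirm that a server's OpenSSL build is past the bug, the following is an added example (not part of the original article) that classifies the text printed by `openssl version -a`. It relies on the upstream affected range for CVE-2014-0160 (1.0.1 through 1.0.1f and 1.0.2-beta through 1.0.2-beta1); the function name, result labels and sample strings are constructed for illustration.

```python
import re

# Upstream OpenSSL releases affected by CVE-2014-0160: 1.0.1 through 1.0.1f
# (fixed in 1.0.1g) and 1.0.2-beta through 1.0.2-beta1.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)(?:-(beta\d*))?")


def classify_openssl(version_output: str) -> str:
    """Classify the text printed by `openssl version -a`.

    Returns 'unknown', 'not-affected', 'heartbeat-disabled' or
    'in-affected-range' (labels chosen for this example).
    """
    match = _VERSION_RE.search(version_output)
    if not match:
        return "unknown"
    base, letter, beta = match.groups()

    if base == "1.0.1":
        in_range = letter == "" or (len(letter) == 1 and letter <= "f")
    elif base == "1.0.2":
        in_range = letter == "" and beta in ("beta", "beta1")
    else:
        in_range = False

    if not in_range:
        return "not-affected"
    # A build compiled with -DOPENSSL_NO_HEARTBEATS contains no heartbeat code.
    if "-DOPENSSL_NO_HEARTBEATS" in version_output:
        return "heartbeat-disabled"
    # Distributions often backport the fix without changing the version letter,
    # so this result means "check the vendor advisory or package changelog",
    # not "confirmed vulnerable".
    return "in-affected-range"


# Constructed sample strings in the format `openssl version -a` prints.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -DOPENSSL_NO_HEARTBEATS -O2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.splitlines()[0], "->", classify_openssl(sample))
```

A version string alone cannot prove a distribution package is unpatched, which is why the in-range result is a prompt to check the vendor's advisory rather than a verdict.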
As a precautionary measure, however, websites are recommending that their clients change their usernames and passwords to avoid any possible data theft owing to the Heartbleed bug. This includes usernames and passwords for email services such as Yahoo or Google, among others, passwords for internet banking, and passwords for social media websites like Facebook and Twitter. Web analysts and security experts, including antivirus companies like Kaspersky Lab, have also suggested that users change all of their online passwords to avoid any security compromise. Changing passwords for all essential web transactions, especially the most critical ones such as bank and online shopping accounts, is good security etiquette in any case, and the Heartbleed bug is once again a timely reminder that technology is always a work in progress and that even the most secure systems and software may be breached, knowingly or unknowingly.