When it comes to banking online, using our credit cards to make purchases online, and storing personal information in the cloud, we like to trust that companies are taking good care of our data and vital personal information. We often felt safe: when we looked at our address bar and saw a nifty lock icon, or noticed that a website used HTTPS, we assumed we had nothing to worry about.
On April 7th, 2014, all that drastically changed. Taking the world by storm, and compromising the backbone of the internet as we know it, is a little bug the world has come to know as The Heartbleed Bug. We’ll take a look at what this is, and how you can make sure your information stays secure.
A Little History
The Heartbleed bug is a serious security vulnerability discovered in early April by the security research firm Codenomicon (also responsible for giving the bug its name), as well as a member of Google’s security team, Neel Mehta. Heartbleed exploits a flaw in the popular open source cryptographic software library, OpenSSL.
To quote Heartbleed.com:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
This vulnerability gives a potential attacker access to the memory of data servers, exposing the usernames, passwords, and other sensitive data being transferred between a user and the server. Upon the launch of OpenSSL version 1.0.1 on March 14th, 2012, every website which updated to the latest version of the software made itself vulnerable and open to attack.
Am I Affected?
Well, the answer is yes and no. According to sources, as of March 21st, 2014, Google employees Bodo Moeller and Adam Langley came up with a patch for the Heartbleed security flaw. As previously mentioned, Heartbleed is a security vulnerability in the popular OpenSSL software library. The majority of websites on the internet utilise this software to stay secure.
This doesn’t just affect little companies; even personal websites could be open to attack. The two most popular web server technologies in use today are Apache and Nginx. Combined, they account for roughly two thirds of the market today. Both Apache and Nginx were vulnerable to the Heartbleed exploit, meaning that if website admins fail to update and patch their servers, their websites are open targets for attackers to abuse and misuse.
How You Can Stay Secure
Heartbleed has actually been around for quite a while. Although discovered at the beginning of April, it has existed for over two years now. There really isn’t anything that you can do about this, except wait for websites to update to the latest version of OpenSSL. For extra security, it’s a good idea to change and securely store your passwords. As the leading WordPress web design and development agency in Singapore, ChillyBin makes sure to stay up to date on the latest in security news and information. Our clients have peace of mind knowing that their websites and customers’ information stay safe and secure.
If you’re concerned that your business may be affected by this bug, make sure to update to the latest version of OpenSSL right away. The team at LastPass have also developed a tool that allows you to easily check if your website, or a website that you frequently use, is vulnerable to the bug.
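For site admins, here is an added example (not part of the original post) that classifies the banner printed by `openssl version` on a server. The affected range it uses (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1, fixed upstream in 1.0.1g) comes from the OpenSSL project's advisory rather than from this page, and the function name and sample banners are constructed for illustration.

```python
import re

# Upstream affected range (OpenSSL advisory, not stated on this page):
# 1.0.1 through 1.0.1f, and 1.0.2-beta / 1.0.2-beta1. Fixed in 1.0.1g.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?")


def heartbleed_status(banner):
    """Classify an `openssl version` banner against the upstream range.

    Returns "affected-range", "not-affected" or "unknown". The result is a
    triage hint only: distributions often backport the fix without changing
    the version letter, so "affected-range" means "check the package
    changelog", not "confirmed vulnerable".
    """
    m = _BANNER.search(banner)
    if m is None:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1) and beta is None:
        # "" (plain 1.0.1) and "a".."f" sort at or below "f".
        return "affected-range" if letter <= "f" else "not-affected"
    if release == (1, 0, 2) and beta is not None:
        return "affected-range" if beta in ("beta", "beta1") else "not-affected"
    if beta is not None:
        return "unknown"  # other pre-releases: do not guess
    # 0.9.8 / 1.0.0 never shipped the heartbeat code; later releases have the fix.
    return "not-affected"


# Constructed sample banners, in the format `openssl version` prints.
SAMPLES = [
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "not an openssl banner",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{heartbleed_status(line):15} {line}")
```

A banner in the affected range should be followed up with the vendor's package changelog and, once the fix is confirmed, by reissuing certificates and changing passwords, since the keys may already have been exposed.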