Monday, April 21, 2014

HTTPS Compromised: Heartbleed Bug

Now even HTTPS is not so secure, and the credit goes to the "Heartbleed" bug.

Heartbleed Bug

The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptography library, which is used to implement the Internet's SSL/TLS protocols. The weakness lets an attacker steal information that is normally protected by SSL/TLS encryption.

The Heartbleed bug allows anyone on the Internet to read the memory of a vulnerable server, up to 64 KB per request, and the request can be repeated as often as the attacker likes. Whatever happens to be in that memory is disclosed: the server's private key, session cookies, and secrets such as usernames and passwords that were being processed at the time. Clients that link a vulnerable OpenSSL are exposed in the same way when they connect to a malicious server.

Some 17 percent (around half a million) of the Internet's secure web servers were believed to be vulnerable to the attack. The Electronic Frontier Foundation, Ars Technica and Bruce Schneier all deemed the "Heartbleed" bug catastrophic.

The bug is in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC 6520). A heartbeat request carries a payload and a two-byte field stating the payload's length, and the peer is supposed to echo the payload back. Vulnerable OpenSSL versions (1.0.1 through 1.0.1f) trust that length field without checking it against the size of the message actually received, so the reply is filled with whatever lies beyond the request in the server's memory. Because exploiting it makes the server's memory leak out through its heartbeat, the bug was named "Heartbleed".
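To make the mechanism concrete, here is an added example (written for this post, not OpenSSL's own code) that models the vulnerable heartbeat handler beside the fixed one. The conn_t arena, the SECRET string and the "ping" payload are constructed for the demo: the arena stands in for the server's process memory, with the received record at the front and a secret sitting just behind it, which is the situation the real bug exploited.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */

/* Simulated server memory (constructed for this example): the received
 * heartbeat record sits at the start, and a secret that stands in for a
 * private key or session cookie happens to lie right behind it. */
typedef struct {
    uint8_t mem[256];
    size_t  record_len;  /* bytes of the TLS record actually received */
} conn_t;

static const char SECRET[] = "SESSION=deadbeef;user=alice";  /* constructed */

/* Lay out a heartbeat request: type, 2-byte length, payload, padding.
 * claimed_len is what the length field says; actual_len is how many
 * payload bytes really follow it. */
static void make_conn(conn_t *c, uint16_t claimed_len,
                      const uint8_t *payload, size_t actual_len)
{
    size_t n = 0;
    memset(c, 0, sizeof *c);
    c->mem[n++] = HB_REQUEST;
    c->mem[n++] = (uint8_t)(claimed_len >> 8);
    c->mem[n++] = (uint8_t)(claimed_len & 0xff);
    memcpy(c->mem + n, payload, actual_len);
    n += actual_len + HB_PADDING;        /* padding is already zeroed */
    c->record_len = n;
    memcpy(c->mem + n, SECRET, sizeof SECRET);  /* "leftover" heap data */
}

/* Common tail of both handlers: allocate the response and copy copy_len
 * bytes starting at the request's payload, as OpenSSL's handler did. */
static uint8_t *build_reply(const conn_t *c, size_t copy_len, size_t *out_len)
{
    size_t total = 1 + 2 + copy_len + HB_PADDING;
    uint8_t *r = malloc(total);
    if (!r) return NULL;
    r[0] = HB_RESPONSE;
    r[1] = (uint8_t)(copy_len >> 8);
    r[2] = (uint8_t)(copy_len & 0xff);
    memcpy(r + 3, c->mem + 3, copy_len);      /* the fateful memcpy */
    memset(r + 3 + copy_len, 0, HB_PADDING);
    *out_len = total;
    return r;
}

/* Vulnerable handler, modelled on OpenSSL 1.0.1 to 1.0.1f: it believes the
 * length field in the message and never compares it with record_len. */
static uint8_t *heartbeat_vulnerable(const conn_t *c, size_t *out_len)
{
    size_t claimed = (size_t)((c->mem[1] << 8) | c->mem[2]);
    /* Clamped to the arena only so the demo stays defined behaviour; real
     * OpenSSL read straight off the heap, past the end of the record. */
    if (claimed > sizeof c->mem - 3) claimed = sizeof c->mem - 3;
    return build_reply(c, claimed, out_len);
}

/* Fixed handler, modelled on the 1.0.1g patch: a message whose claimed
 * length does not fit inside the record received is silently discarded
 * (NULL), which is what RFC 6520 requires. */
static uint8_t *heartbeat_fixed(const conn_t *c, size_t *out_len)
{
    if (c->record_len < 1 + 2 + HB_PADDING) return NULL;   /* too short */
    size_t claimed = (size_t)((c->mem[1] << 8) | c->mem[2]);
    if (1 + 2 + claimed + HB_PADDING > c->record_len) return NULL;
    return build_reply(c, claimed, out_len);
}

/* Does the secret appear anywhere in the reply? (portable memmem) */
static int reply_leaks_secret(const uint8_t *reply, size_t len)
{
    size_t slen = strlen(SECRET);
    if (!reply || len < slen) return 0;
    for (size_t i = 0; i + slen <= len; i++)
        if (memcmp(reply + i, SECRET, slen) == 0) return 1;
    return 0;
}

/* Send a 4-byte "ping" with the given claimed length through both
 * handlers. Returns 1 if the vulnerable handler leaked the secret;
 * *fixed_replied records whether the fixed handler answered at all. */
static int scenario(uint16_t claimed_len, int *fixed_replied)
{
    conn_t c;
    size_t n = 0;
    make_conn(&c, claimed_len, (const uint8_t *)"ping", 4);
    uint8_t *r = heartbeat_vulnerable(&c, &n);
    int leaked = reply_leaks_secret(r, n);
    free(r);
    r = heartbeat_fixed(&c, &n);
    *fixed_replied = (r != NULL);
    free(r);
    return leaked;
}

int main(void)
{
    int fr;
    int leak = scenario(4, &fr);       /* honest length: both handlers echo "ping" */
    printf("claimed 4:     leak=%d fixed_replied=%d\n", leak, fr);
    leak = scenario(64, &fr);          /* lying length: vulnerable handler bleeds */
    printf("claimed 64:    leak=%d fixed_replied=%d\n", leak, fr);
    return 0;
}
```

The whole fix is the single comparison in heartbeat_fixed between the length the attacker wrote into the message and the length of the record the TLS layer actually delivered; everything else is identical, which is why a one-line patch closed a bug that exposed keys and passwords.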

David Kennedy, a security researcher and self-described ethical hacker, calls Heartbleed the bug that broke the Internet.
"Everybody was affected by this, Facebook was affected, Yahoo was affected, a number of companies we put our information into every day were affected."

Many experts have advised users not to log into accounts on affected sites until they are sure the company has patched the problem. Robert Hansen, an ethical hacker, said not to use the same password for different sites. "In light of Heartbleed, probably the first thing you should do is go to a search engine and type in Heartbleed check. And if you're going to do business with a website, type in that website's name into that form and see whether it is or isn't vulnerable to Heartbleed."

These are precautions users can take, but the real fix is on the server side: a fixed OpenSSL (1.0.1g) has been released and now has to be deployed. Operating system vendors, appliance vendors and independent software vendors have to adopt the fix and notify their users. Patching alone is not enough, because the private key may already have been read out of memory: administrators should also generate new keys, reissue their certificates and revoke the old ones, and invalidate existing sessions so that stolen cookies stop working.

Users, for their part, must make sure that the company has patched the problem before changing their password there; a new password entered on a still-vulnerable site simply hands the new one to the attacker. You can check whether a site has patched the problem with one of the online Heartbleed checkers.

For now, much of the Internet remains exposed, and people can only protect themselves by understanding what the bug does and acting on it.

Know more to be secure.


https://anurag189.blogspot.com
