Server security plunges as Heartbleed bug emerges
Watch out, internet users! There’s a new threat in town and it involves your account credentials and personal data. Due to weak encryption in the OpenSSL library, hackers have been able to find a loophole that enables them to read the memory of systems using vulnerable versions of the OpenSSL library (1.0.1 through 1.0.1f). As a result, the secret keys of vulnerable servers may be disclosed, allowing the hackers to decrypt and eavesdrop on communications encrypted by SSL and to impersonate service providers.
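For administrators running their own servers, the version range above can be checked against the output of `openssl version`. The Python below is an added example, not part of the original article; the function names and the sample banner strings are constructed for illustration. It assumes the usual OpenSSL banner layout, and a match means "check the vendor's patch level", because distributions can backport a fix without changing the version letter.

```python
import re

# Matches the numeric part plus the optional letter suffix, e.g. "1.0.1e".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")

def parse_openssl_version(banner):
    """Return (major, minor, fix, letter) from text such as `openssl version` output."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % banner)
    major, minor, fix, letter = m.groups()
    return int(major), int(minor), int(fix), letter

def in_heartbleed_range(banner):
    """True if the banner falls in the range this page gives: 1.0.1 through 1.0.1f."""
    major, minor, fix, letter = parse_openssl_version(banner)
    if (major, minor, fix) != (1, 0, 1):
        return False  # other branches such as 1.0.0 or 0.9.8 are outside the stated range
    # "" is the base 1.0.1 release; single letters a..f are its later patch
    # releases; "g" and anything after it is outside the range.
    return letter == "" or (len(letter) == 1 and letter <= "f")

# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = [
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1f 6 Jan 2014",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.0l 6 Jan 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
]

def report(banners):
    """Return a list of (banner, verdict) pairs for an inventory of banners."""
    results = []
    for banner in banners:
        if in_heartbleed_range(banner):
            verdict = "in vulnerable range: confirm vendor patch level, then upgrade"
        else:
            verdict = "outside stated range"
        results.append((banner, verdict))
    return results

if __name__ == "__main__":
    for banner, verdict in report(SAMPLE_BANNERS):
        print("%-35s %s" % (banner, verdict))
```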
To counteract this sudden risk, all kinds of online services, such as Symantec or Pinterest, have suggested that users change their passwords once the service has announced that the issue has been fixed. An investigation is also carried out by the company to determine whether potential attackers have caused any damage. Hugh Boyes, cyber security lead at the UK-based Institution of Engineering and Technology, advised against changing account passwords prior to an informed resolution because it “could compromise your new password.”
Despite all these abrupt warnings, the Heartbleed bug has actually been around and undetected for as long as 2 years, meaning an attack could already have happened at any given moment. For this reason, I wouldn’t start panicking now that this has been brought to your attention, but obviously take any recommended precautions just to be safe.
It has been reported that half a million sites are vulnerable to the Heartbleed bug. You can test whether a site is exposed by visiting a site created by a developer named Filippo Valsorda. There, you will be able to type in the address of any website and you will be informed whether the bug has been fixed. Once you have received confirmation that the site has been patched, you should change your password.
Mr. Boyes also suggested that users make a habit of changing their passwords on a “monthly or quarterly” basis depending on the complexity and “how sensitive the application/website is.” He also recommended that you “don’t reuse the same passwords on different websites. Try to use a separate password for each website.”
Security experts, including one from Google, stumbled upon the Heartbleed bug on Monday.
In short, the bug is able to bypass the encryption that would otherwise protect data as it is sent between computers and servers, rendering personal and sensitive data vulnerable. This encryption is commonly recognised by the closed padlock that resides in the corner of the web browser to indicate that your connection is secure.