What Is The Heartbleed Bug? Everything You Need To Know

What is this 'Heartbleed' everyone is suddenly talking about? I won't blame you if you're as clueless as I was when I first heard about it. The term suddenly exploded as if out of nowhere and had me thinking: meh, it's probably another messaging app that someone has discovered a bug in. But no. Heartbleed is a major security bug that was discovered by Codenomicon, a software security firm, and a member of Google's security team. It is a serious security threat that has the potential to expose users' private information, including passwords, financial details and instant messages, among other things. So if security is one of your concerns, you need to read this!

The Heartbleed Bug

The Heartbleed bug is a vulnerability in OpenSSL, the security software used by millions of websites. These include e-commerce sites, online shopping stores, banks, email providers, and so on - places where a security breach can hurt you most.

How does it work?

The bug leaves open a hole that allows hackers to get in and around the encryption between you and the site. This means that the information stored on the servers, and passed between you, could be stolen! This information can include username/password combinations, personal details and addresses, credit card information, and so on! According to the guys at Codenomicon:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Here's a nice little comic that's been going around the internet demonstrating the workings of the bug.

The Heartbleed bug

The bug, as demonstrated, is dangerous yet very simple, which explains why it had never been identified before. It's a loophole in code, and not an attack or a virus that you can defend against.
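To make the "loophole in code" concrete, here is an added example (a simplified model written for this article, not OpenSSL's own code) of a heartbeat handler that trusts the length the sender claims, next to the corrected handler that checks it against what actually arrived. The message layout, the function names and the sample memory contents are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified heartbeat request: [type:1][claimed_len:2][payload...].
   Layout and names are illustrative assumptions, not OpenSSL's own code. */
#define HB_HEADER 3

/* Constructed stand-in for server memory: the received record sits
   directly in front of unrelated data the peer must never see. */
struct memory {
    uint8_t record[8];   /* bytes that actually arrived from the peer */
    char    secret[24];  /* adjacent, unrelated process data */
};

struct memory sample_memory(void) {
    /* Peer sent 5 payload bytes ("bird!") but claims 0x0014 = 20. */
    struct memory m = { {1, 0x00, 0x14, 'b', 'i', 'r', 'd', '!'},
                        "session-key=CONSTRUCTED" };
    return m;
}

/* BEFORE: echoes as many bytes as the request claims to contain. */
size_t heartbeat_vulnerable(const struct memory *m, size_t record_len, uint8_t *out) {
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    (void)record_len;  /* the real length is never consulted: the bug */
    if (claimed > sizeof *m - HB_HEADER)  /* keep the demo inside its own struct */
        claimed = sizeof *m - HB_HEADER;
    memcpy(out, (const uint8_t *)m + HB_HEADER, claimed);
    return claimed;
}

/* AFTER: drop any request whose claimed length exceeds what arrived. */
size_t heartbeat_fixed(const struct memory *m, size_t record_len, uint8_t *out) {
    if (record_len < HB_HEADER || record_len > sizeof m->record) return 0;
    size_t claimed = ((size_t)m->record[1] << 8) | m->record[2];
    if (claimed > record_len - HB_HEADER) return 0;
    memcpy(out, m->record + HB_HEADER, claimed);
    return claimed;
}

int main(void) {
    struct memory m = sample_memory();
    uint8_t out[sizeof m] = {0};
    size_t n = heartbeat_vulnerable(&m, sizeof m.record, out);
    printf("vulnerable reply (%zu bytes): %.*s\n", n, (int)n, (const char *)out);
    printf("fixed reply: %zu bytes\n", heartbeat_fixed(&m, sizeof m.record, out));
    return 0;
}
```

The vulnerable handler's reply carries the five real payload bytes followed by fifteen bytes of the neighbouring data, while the fixed handler sends nothing back for the same request.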

Will it affect me?

Obviously! The bug has affected all websites and services running on OpenSSL. These include Facebook, Pinterest, Instagram, Tumblr, Google, Yahoo, Amazon, GoDaddy, GitHub, and Dropbox to name just a few. Many of these websites have already addressed the vulnerability with a patch.

But there isn't much you can do on your part to improve your personal security. Changing passwords won't help you much at this point, but you can go ahead and do it anyway. It is advisable to lay off any online purchases you want to make until the dust settles down.

Furthermore, you can use the Heartbleed Bug checker to see whether the website you are visiting has addressed its vulnerability or not. You can also use LastPass’s SSL date checker to see if the server of the website has updated its SSL certificate recently.

Additionally, if you run your own website, the best thing you can do is update your OpenSSL immediately! Many good web hosting companies will do this for you.

Got any questions to ask? You know where to ask 'em. Cheers :)

14 comments:

  1. If my site gets affected by this, then how do I get rid of it?

    Best Regards
    smart earning tips

  2. I'd say this was the best way to describe how this bug works. I'm a bit upset with GoDaddy not notifying its customers about the bug.

  3. One more thing...best way to secure your account from this bug is by using the two-step authentication. Cheers!

  4. Really a Good Article For Me.

    Thanks For Sharing TricksCage.com

  5. nice post bro
    thanks from http://www.blogonmind.com

  6. Thanks for sharing a Superb Article About heartbleed bug. I really appreciate your efforts and I will be waiting for your further write ups thanks once again.

    ▄▀▄▀▄▀▄ BLOGGER TIPS & TRICKS ▄▀▄▀▄▀▄

  7. Wahooooooooooooo Qasim brother what a great sharing.

    Thanks for sharing with us.

    Best hoodies

  8. Nice article brother. But I'm not able to understand how this attack is executed. Via Man In The Middle attack or something else? Suppose if this vulnerability still exists, then how'll you retrieve sensitive information from sites like Disqus?

  9. Thank you for this article. It is timely. It is important. I'm sharing with my http://www.palmspringsusa.blogspot.com readers. Now, I'm going to read your next article on the Heartbleed Bug.

  10. Thanks for all the information. It's dangerous...

  11. Thanks for the information.
    The Heartbleed bug is so dangerous for any internet user now.


  12. It may not affect all sites. Social media sites use the same crypto algorithm, whereas other sites use different algorithms for encryption and decryption.
    For example, move the cursor over the https round symbol on the Facebook and Google sites; there you will see some basic security algorithms like RC4_128, SHA1, etc.
    Now go to perfectmoney.is; there you will see a different algorithm for encryption and decryption. They also use 256-bit encryption, which is twice that of FB, Google, etc. :D

    Actually, attackers have now found a cryptanalysis method for some OpenSSL... :v