HeartBleed Bug and Passwords You Need to Change Right Now
Millions of passwords, credit card info and other sensitive data are at risk due to a security risk revealed earlier this week. This security hole exists in many popular websites including Google, Facebook, Twitter, Tumblr and many other websites. Over the past two years, it could expose your password and other sensitive data. This security bug is called Heartbleed Bug. It is a serious vulnerability in popular OpenSSL cryptographic software library and allows attackers to steal the information protected by the SSL/TLS encryption.
Heartbleed is one of the biggest vulnerabilities in the history of modern internet world. It is technical and normal internet users cannot understand enough about this vulnerability. As a user, you cannot do much to protect yourself. Affected websites need to implement the fix.
Many major web services user OpenSSL. It is included with various distribution of Linux. Apache and Nginx also use OpenSSL. Around 66% pf the websites use OpenSSL. This makes the condition worst for us.
Why this is called Heartbleed bug?
This security bug was found in the implementation of TLS/DTLS heartbeat extension. When this bug is exploited, it leads to memory leak from the server to the client and vice versa.
This bug has left large amount of private keys and websites’ secret data exposed on the Internet. Major Linux distribution has issued the patch of the bug. Most of the popular cloud hosts have also patched their servers.
Patch of the bug is already available and most of the websites are in rush to fix the bug. Yahoo, Facebook and Google have already confirmed that it has applied the patch.
Lastpass has also created an online tool to check if a website is vulnerable to Heartbleed vulnerability.
What can you do to protect yourself?
As I already said that you cannot do much, but you need to change the passwords. And wait till your website adopt the fixes. Before changing the password, confirm that the website has applied the patched. In this way, you will not have to change the password twice.
Have something to say? Share it with us via comments.
Passwords You should change Right Now:
- Yahoo Mail
And many others. If you want to know about a specific website, check with the Lastpass tool.