Heartbleed: internet security’s newest threat

SHARE

heartbleed

February is over and yet why are we still seeing hearts posted all over the internet? It’s because of a new OpenSSL bug called “Heartbleed,” which can be manipulated to gather data from any running server that is exposed to it.

The Heartbleed bug exploits the vulnerability of the popular OpenSSL cryptographic software library by stealing protected information through SSL/TLS encryption, which is known to secure the Internet since the SSL/TLS provides communication security and privacy for widely-used Internet applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

According to reports of The Guardian, this vulnerability was introduced back in 2011 but the error was just spotted recently. Since the Heartbleed bug allows anyone on the internet to read memory of the systems protected by the vulnerable versions of the OpenSSL software, it is advisable to lay-off from engaging information sensitive activities on the internet for the next few days until security measures were implemented.

Moreover, the Heartbleed bug also compromises secret keys used to identify the service providers and to encrypt traffic, including usernames and passwords of the users and the actual content of their accounts. The Hearbleed bug also give the attackers the capability to eavesdrop on private communications, steal data directly from services and users, and impersonate services and users.