In these days, a potential vulnerability nicknamed “Heartbleed” is all around the technology talks. Actually it is a critical OpenSSL security threat that may cause security problems for websites using OpenSSL protocol. OpenSSL is the open source combination of SSL and TLS protocols which is written in the C programming language. Almost 80% websites including Gmail,Yahoo all implemented OpenSSL and the HeartBleed bug may cause hacking more easier. Reports says this issue is going to collect around 50000 websites.
This bug can get into the server memory and collect sensitive user data, usernames, passwords and credit card numbers. Heartbleed was known many years ago but it is only a few weeks that it exist actually. Now not only websites, it appears to be affecting network equipment such as routers and switches.
As a normal computer user or webmaster, you can do few things to get protected yourself from HeartBleed security bug.
1. Do not log into Websites that is known to have this bug
This is a basic thing you can do otherwise it is like giving away your secrets. Log in only after the company has patched the issue and notified you’re safe. Go to LastPass Heartbleed checker to see if the website is all clear from threats or still vulnerable. According to information, websites like Yahoo are partly fixed.
2. Change your passwords
Once the site has overcome the issue, it’s better to change password for your sensitive accounts like your email and bank. Notice that this is not a permanent solution. You might want keep changing passwords every week.
3. Choose website wisely while surfing
Take little more care about what kind of website are you browsing through. It’s not required to care too often while you’re googling because using addons like Heartbleed-Ext in firefox simplifies your job. It will display indicator for sites that are not safe, GREEN is GOOD, RED is BAD.
4. Checkout the Router company website
To see your router has any problem, check their websites for any bugs that were known to be detected in a particular device. Also, they’ll release software patches and firmware updates if it has any problem.
Now HeartBleed bug seems to be affecting web hosting providers too. This is one email I’ve got today from NameCheap, one of the leading hosting service provider.
A critical OpenSSL vulnerability nicknamed “Heartbleed” was discovered recently. IMPORTANT: It is very likely that you are impacted by this vulnerability. Read on for more info.
Details you should know:
1. This is not a vulnerability with SSL Certificates or Namecheap.
2. SSL/TLS is not broken, nor are the digital certificates issued by Comodo or Symantec brands.
3. Users of OpenSSL versions 1.0.1 through 1.0.1f with the heartbeat extension enabled are affected. OpenSSL version 1.0.1g addresses the vulnerability, as well as OpenSSL instances compiled without the heartbeat extension.
4. As a precaution to protect your data, we highly recommend that all Namecheap users change their account passwords.