Recently, a huge security scare plagued the internet. This security vulnerability was coined The Heartbleed Bug, named for its relationship to the heartbeat on a server. The internet was in shock, emails were flying to reset passwords, and experts warned of an ominous outcome.
But what happened?
Before we can understand what exactly happened, we need to understand what The Heartbleed Bug is all about.
What is The Heartbleed Bug?
OpenSSL is an open source library of sorts. It allows for encryption of a connection on the internet. SSL stands for Secure Socket Layer, and is most easily recognized by the green bar or symbol in the left hand side of your browser’s address bar. It also is identified by the use of https:// a secure form of http://.
What is this vulnerability?
In a vulnerable version, an attacker can use the internet to access memory of a server via an exploited heartbeat. This memory may hold sensitive information. Since a large.
Has it been resolved?
In short, yes. A patch was released. However, in order to no longer be vulnerable, it is imperative that the patch is installed.
At this point in time, most important internet vendors have completed the patch. In addition, hosting providers rolled out their patches for servers.
I do not have a server, is there still something I should do?
Absolutely! Even if you are not in charge of a server, there are several things you can do:
- Change all of your passwords, everywhere
- Check with vendors to ensure that the patch has been made on their servers
- Monitor sensitive information for signs of theft
- Monitor accounts for signs of theft
- Watch for vulnerabilities in the future
With a little precaution and some password updates, your internet assets can continue to stay safe.
Have more questions about this bug? Let us know in the comments!
Codenomicon. (2014, May 21). The Heartbleed Bug. [Web Log Post]. Retrieved from http://heartbleed.com/