|
Heartbleed |
What Is Heartbleed?
Heartbleed is a security bug in the open source SSL. It is mostly used to over reed the internet's transport Layer Security. On April 1, 2014 they decided to fis the OpenSSL, and on the same day heartbleed was disclosed. During the time at which heartbleed started to gain it's name, over half a millions of the internet's secure web certified sites, had been attacked, which allowed these hackers to get to the users cookies and passwords. Basically what a program is, is that fixed amount of codes. Ex: [101001]. What heartbleed does is basically over flow the sprogram code like this "[101001]1001001010100011101010101101010101101" This makes the system malfunction and do whatever the certain code does. This makes it very easy for hackers to enter the system and take information away from it.
How did it happen?
The bug was discovered by a Google researcher who was situated in Finland. It happened, by one simple task, over running the system. When this happens the sysytem starts to malfunction, allowing the hacker to enter the site. Lets take and example of facebook. Once facebook gets over run, the hacker will enter, and get all your private details. He will then use that information to get advantage, he'll use that identity to hack others, and rob you.
Who Got Affected By Heartbleed?
Yahoo
Google
Facebook
Tumblr
Amazon
Drop-box
Last-Pass
OK-Cupid
Sound-cloud
What Happened to Them?
In most cases, cyber criminals, hackers, and other types of people commit cyber theft, by getting all the information you have, and stealing, robbing you from it.
How To Prevent It or Recover From It?
Since it is an OpenSSL, once it has entered your software, it is almost inevitable to get rid of it. But to prevent it from getting to you, there are two basic methods. Most of the old software and programs, websites are not properly protected due to it's outdated system. So one method is to re install or update the system so that the security is able to cope up with the current SSL. Another method is to delete the account and remake it so that the bug has gone from your account.
What Did You Learn From It?
I learnt that this bug can attack almost anywebsite that is not securely protected, and that heartbleed is a security bug in the open source SSL. It is mostly used to over reed the internet's transport Layer Security.
Citation:
"The Bleeding Hearts Club: Heartbleed Recovery for System Administrators." Electronic Frontier Foundation. N.p., n.d. Web. . <https://www.eff.org/deeplinks/2014/04/bleeding-hearts-club-heartbleed-recovery-system-administrators>.
Swanson, Emily. "Most Americans Haven't Even Checked To See If They Were Affected By Heartbleed." The Huffington Post. TheHuffingtonPost.com, 21 Apr. 2014. Web. . <http://www.huffingtonpost.com/2014/04/21/heartbleed-bug-poll_n_5175663.html>.
"Use this tool to find out if the sites you visit were affected by Heartbleed, and when they’ll be fixed." The Daily Caller. N.p., n.d. Web. . <http://dailycaller.com/2014/04/14/use-this-tool-to-find-out-if-the-sites-you-visit-were-affected-by-heartbleed-and-when-theyll-be-fixed/>.
"Websites affected by Heartbleed: Change your Gmail, Facebook and Yahoo passwords right now - Tech2." Tech2. N.p., n.d. Web. . <http://tech.firstpost.com/news-analysis/websites-affected-by-heartbleed-change-your-gmail-facebook-and-yahoo-passwords-right-now-221526.html>.