All software and websites face security flaws that, in most cases, are quickly fixed. In general, these flaws are not discussed in the media unless they affect mainstream software or a mainstream website. For example, specialized technology websites will write about one when it is discovered in Internet Explorer. However, very few security flaws have been discussed as much as Heartbleed, a flaw that affects the OpenSSL encryption software. In this article we will discuss Heartbleed in detail.
Heartbleed Is One of the Most Important Security Breaches in the Internet's History
What is OpenSSL?
OpenSSL is software that encrypts data that must remain confidential on the web. For example, when we access our online bank account, our password is encrypted by software like OpenSSL so that dishonest people cannot capture such sensitive data. The easiest way to know whether the website you are visiting is protected by data encryption is the presence of a lock in your browser's address bar.
Why Use Such an Evocative Name for a Security Breach?
Heartbleed was chosen as the security breach's name by the OpenSSL team because it affects a software extension called Heartbeat and it causes data leaks. By association with the name of the affected extension, these leaks can evoke bleeding, hence the name Heartbleed.
Is this a bit sensationalist? Perhaps, but given that this is a major security flaw, such a name raises people's awareness of its dangers.
What is Heartbleed?
Heartbleed is a security flaw that affects OpenSSL versions 1.0.1 to 1.0.1f (other versions are not affected). It was introduced in 2012 without anyone knowing of its existence, and was then discovered and repaired on April 7. However, for the flaw to be repaired on a system running an affected version of OpenSSL, an update must be downloaded and installed. Since 2 out of 3 websites use this software to encrypt their data, it is important that system administrators are aware of this issue to prevent confidential information from falling into the hands of unscrupulous hackers.
Several important websites such as Imgur, OkCupid, Flickr, Eventbrite and the FBI’s official website have confirmed that they were affected by Heartbleed.
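To act on the version range stated above, an administrator can triage an inventory of OpenSSL version strings. The following is an added example, not code from the article or from the OpenSSL project; the function names and the sample hostnames and banners are constructed for illustration.

```python
import re

# Affected range exactly as the article states it: 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches "OpenSSL 1.0.1e-fips" (CLI output) and "OpenSSL/1.0.1e" (HTTP banner).
_VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]?)(-\w+)?", re.I)
_PRERELEASE = ("-beta", "-dev", "-pre")


def classify(text):
    """Return 'affected', 'not-affected' or 'unknown' for one version string.

    'affected' reflects the upstream version number only. Vendor packages
    can carry a backported fix without changing the letter, so confirm
    against the package changelog before acting on the result.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return "unknown"  # no OpenSSL version present in the string
    base = tuple(int(part) for part in m.group(1, 2, 3))
    letter = m.group(4).lower()
    tag = (m.group(5) or "").lower()
    if base != AFFECTED_BASE:
        return "not-affected"
    if tag.startswith(_PRERELEASE):
        return "unknown"  # pre-release builds are outside the stated range
    # "" (plain 1.0.1) sorts before "a", so one comparison covers 1.0.1..1.0.1f
    return "affected" if letter <= LAST_AFFECTED_LETTER else "not-affected"


def triage(inventory):
    """Map each host to its classification; inventory is {host: version string}."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "proxy": "Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1",
    "edge": "nginx/1.4.6",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:8} {status}")
```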
What Kinds of Data Can Be Stolen Because of This Breach?
All kinds of data can be stolen because of this flaw. Some developers claimed to be able to exploit the flaw to retrieve Yahoo passwords and search histories from DuckDuckGo, an encrypted search engine popular with those who advocate the right to privacy on the Internet.
Now that this security flaw has been exposed, system administrators will have no choice but to update their servers, and the websites running OpenSSL will again be completely safe. Meanwhile, people who need privacy in their use of the Internet and want to be certain not to fall victim to Heartbleed should wait a few days until the situation subsides, according to the Tor Project.
For now, there is no evidence that confidential data was stolen by hackers while the flaw was still unknown in the affected OpenSSL versions, but it is possible that such thefts have taken place. We will certainly know more in the coming days.