The Concept
The advent of Heartbleed, a recent software bug, posed a new challenge to the security of any vulnerable communication over the Internet. IT professionals, particularly those dealing with Internet security protocols, expressed huge concerns about its functional life. While experts analyze the exact potential damage and the means to fight this CVE (Common Vulnerabilities and Exposures) entry, it has already been established that the bug is able to get past SSL/TLS (Transport Layer Security) encryption and expose sensitive information.
How does it work?
Heartbleed (official reference ID: CVE-2014-0160) directly affects OpenSSL, an implementation of SSL (Secure Sockets Layer) that provides security for websites and their servers as it transfers and authenticates information, such as passwords, in an encrypted format from the sender to the receiver(s). When data (such as chat, messages, email, etc.) is sent via OpenSSL, it creates a secure pipe to transfer the data without compromise. Alarmingly, the bug allows anyone to read the memory of an otherwise secure system, which includes passwords, messages, credit card numbers, emails, etc.
Why is it called "Heartbleed"?
There is a technical reason behind the unusual label. When a computer sends a request to a website, it responds with another message of the same length called a "heartbeat". It is so called because it informs the sender that the site is active and ready to receive requests and answers. When the site is attacked, this heartbeat is altered and the answer is surprisingly different.
The shocking attacks
High-profile sites where this murderous intrusion may have been carried out include Facebook, Yahoo and Google. In the financial sector, US funds and Venmo have been violated. While Netflix, SoundCloud, YouTube and WordPress are free of viruses, websites like Instagram and Pinterest are also at risk. LinkedIn and Twitter seem to be safe, but changing your account passwords on these sites is highly recommended.
The Challenges
One of the biggest problems with Heartbleed is that it is not a bug that can be disabled by a virus. Instead, it is located at the heart of the secure data transport mechanism governing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) of the Internet. The bug has even hit applications that use client certificates for secure connections with authorized users. Thanks to the bug, confidential information on a number of commercial and educational websites around the world is now at serious risk. The researchers found that this bug resulted from a programming error in the internal code of the OpenSSL software, resulting in access to encrypted data keys in memory and the ability to decrypt them into readable formats.
Although most of the sites affected by Heartbleed have been patched, there is still significant potential for damage. This is clear from the following statistics:
- Among the top one million websites in the world, nearly two percent (i.e. 20,000) are still at risk.
- 800 of the top 50,000 ranked sites are still vulnerable to damage.
- Security issues have spread to compatible mobile devices and the Internet.
- Nearly 300,000 sites remain vulnerable for the next month.
- Nearly 1,300 applications on the Google Play Store were connected to risky servers. These applications have an increased risk of affecting client devices via their associated servers.
- The list of victims further expands to network devices such as routers, switches, servers, video cameras, and Network Attached Storage (NAS).
- Highly secure Virtual Private Networks (VPNs) are also under the scanner for the bug.
The Protection
Until experts overcome this bug, follow these basic steps to protect your data integrity:
- Avoid sharing sensitive personal information on public sites, especially sites such as Google, Yahoo and Facebook.
- If you store information on cloud file hosting services such as Dropbox, IFTTT, and framed, immediately change your password.
- Always maintain unique passwords for different accounts and strengthen them with mixed case, numbers and symbols.
- Keep changing passwords frequently.
The author
Rakhi Sinha is the Founder & Owner of The Syntax Systems (TSS) (http://www.thesyntaxsystems.com), a global content service provider. We deliver a wide variety of content on a broad spectrum of subjects. For our content & related services, please mail us at contact@thesyntaxsystems.com. Read more on business technology at: http://thesyntaxsystems.blogspot.in/2013/12/unified-communications-generating.html