Monthly Archives: April 2014

Heartbleed Bug Description

Heartbleed is a security bug in the open-source OpenSSL, the cryptographic software library that protects many sites on the internet. This bug happens in a software called OpenSSL, which encrypts information typed by visitors such as username and passwords, so it will be unreadable for others. This protects the information from leaking while it is going from your computer to the website.

Heartbleed bug happens because of a small bug in the OpenSSL software. It allows a person to retrieve information on the memory of the web server without leaving a single trace. There is a feature called heartbeat in the OpenSSL software that the heartbleed bug exploits. What the heartbeat feature does is that it notifies you that the website is active and is listening to your requests. Normally, when you request the website for something, the heartbeat will only send you back the amount of data your computer have sent. But, when the server is affected by the heartbleed bug, this is not the case. Sometimes users gets more data than they requested, up to 65,536 bytes. This is the heartbleed bug. Anonymous users gets data that they aren’t allowed to be accessed to. Hackers use this to steal important information from others, sometime major companies. Since in this generation many companies fancy the use of the internet to rotate their company, it may be easier for the hackers to search for the information.

Programs such as Instagram, Tumblr, Google, Yahoo, Etsy, GoDaddy, Flickr, Minecraft, Netflix, YouTube has been effected by this bug. They all got it fixed by having a patch, but it caused serious danger for some of the sites. The damage was so big for some sites that it lead them into a financial and industrial crysis. Some of the sites’ internal core data leaked out into the hands of the anonymous, making the sites lose huge profits.

It got extremely widespread at first, but because the feature is so specific, the number of servers affected this by bug went from a 60% to a 17.5%. So the affect of this bug is minimized. Some servers no longer considers it as a threat too. But, it is still a problem. You can prevent this bug from happening to you by constantly changing the passwords you use to enter the site. At this point, even though you don’t change your password, the chance of hackers getting into your account is pretty slim.

I learned from this bug that on the internet, nothing is surely protected. Your personal information, even your identity. Internet may come in extreme handy, but it is also extremely dangerous. We have to learn to protect our identity, and stop sharing every single bit of our personal life on it. This is the lesson I learned from this bug.

“The Heartbleed Hit List: The Passwords You Need to Change Right Now.” Mashable. 10 Apr. 2014. Web. 20 May 2014. .
“​What Is Heartbleed, Anyway?” Engadget. 12 Apr. 2014. Web. 20 May 2014. .

Heartbleed-Refresh
heartbleed

Advertisements