- Heartbleed, a two-year-old security bug in the OpenSSL protocols used by over 70% of websites, allows the ‘bleeding’ of critical information such as private encryption keys, users' passwords, credit card details that users provide during e-commerce transactions, and even chat logs, which can be used for snooping.
- OpenSSL is a security protocol built using SSL/TLS encryption. Banks and other websites (those that show https or a small green lock ahead of their name) use it to safely transfer your details to the website's server.
- Leaked secret (private) keys allow an attacker to decrypt any past and future traffic to the protected services and to impersonate the service (such as a social networking website or an email service) at will. Considering the long exposure, the ease of exploitation, and the fact that attacks leave no trace, this exposure should be taken seriously.
- Google and Facebook, which run their own security protocols, are safe, while Yahoo and millions of other websites are affected. Although many of these have patched and updated their websites, the nature of the bug makes the internet extremely vulnerable at present.
- If any website that you use is exploited by cyber criminals using Heartbleed, private data such as card details, user names, passwords and chat logs is vulnerable. Ask your bank, email provider and web administrator whether their service is affected by the bug. Change your passwords on various websites if you can do that.