The newly discovered Heartbleed bug is being considered as a serious issue as it puts personal information of the user at risk. The bug was discovered nearly a week ago and there is lots of confusion among the users regarding its implications. We have compiled some information in order to help users protect their personal information, and we will keep on updating our posts once we receive any new information or update about the security bug.
1.Heartbleed can be easily understood by knowing that it is security vulnerability in OpenSSL software that enables hackers to access the memory of your data servers. The bug has already affected more than 50,000 Web sites, according to an Internet research firm Netcraft. The bug puts your usernames, passwords and credit card information at high risk of being intercepted.
2.OpenSSL is open-source software for SSL implementation across the entire Web. The 1.0.1 through 1.0.1f versions have vulnerability. OpenSSL is also used as part of the Linux operating system as well as a component of Apache and Nginx, which are the widely used programs for running Web sites.
3.Ossi Herrala, a systems administrator at Codenomicon, coined the term “Heartbleed”. It’s got a nicer ring to it than its technical name, CVE-2014-0160, named for the line of code that contained the bug.
4.The security bug has been independently found by security firm Codenomicon and Google researcher Neel Mehta, but on the same day. Mehta received a county of USD15,000 which he donated to the Freedom of the Press Foundation. Google has been quoted saying that “The security of our users’ information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited.”
5.It is highly suggested that avoid using your accounts from the afflicted sites unless you are pretty sure that the company has fixed the problem. You need to be careful even if the site gives you an “all clear” indication. Majority of users would change their password immediately, but experts suggest that you should wait until the problem is fixed because further activity on a vulnerable site could increase the problem.