Sunday, April 13, 2014

Heartbleed Bug, 5 things you can do to Protect yourself from the Heartbleed Bug!

HeartBleed Bug?

Heartbleed bug is a software bug in the OpenSSL library. OpenSSL library is an open source solution to SSL - Secure Socket Layer. SSL is an encryption scheme for web servers, and it is widely used by millions of web servers around the world. Servers which are using OpenSSL are vulnerable to the Hearbleed bug. The name "Heartbleed" is given to this bug, because it essentially opens the doors of hackers and unauthorized personnel to the server data, and user session cookies, which bleed out like blood from a heart. Around a half million web servers are said to be affected by the Hearbleed bug.



Some more information about the HeartBleed Bug:

-->This bug is said to be coded by one of the OpenSSL's core developer team.

-->This bug was already in action since last two years, but only it is discovered recently.

-->Instagram service was down recently, though now it is back, probably due to the Heartbleed bug.

-->OpenSSL servers with version 1.0.1 and up are affected by the Heartbleed bug.

-->The main feature of this bug is that it doesn't leave any trace of  any malicious activities of the hacker's activities.



Protect yourself from Hearbleed Bug:

Here's five things you can do to protect yourself from the Heartbleed Bug:

1)Change passwords. Many websites which are vulnerable to the Hearbleed Bug like Pinterest have already dispatched emails to users to change their passwords. Although banking sites don't use OpenSSL much, you should check up with your bank and ask them if you need to change your banking passwords.

2)Check the websites you are visiting. You can use the following links to check if a website is vulnerable or not. Don't rely completely on these sites, as they cannot guarantee you 100%.
https://lastpass.com/heartbleed/
https://www.ssllabs.com/ssltest/index.html

3) You can download a plugin for Mozilla Firefox which will check the sites you visit. Check Heartbleed plugin here.

4) Check everything you are downloading. Don't download malicious things from your spam emails or counterfeit software. Don't login with your passwords at public WiFi networks and shared internet connections such as colleges and public places. It is always better to open your confidential information at secure networks such as your home network.

5)If you are using a router, then change its login password. Also do check with the manufacturer of your router if they have issued any patches or other information.