What is Heartbleed security bug? – A simple explanation

I read about the Heartbleed bug just a few days back while I was going through the regular tech news. My first thought was that this must be just another bug or virus or whatever that hackers keep churning out and that I could easily ignore this threat. Boy, was I wrong! Since then I have come to realize the full threat of this bug, and I thought it actually makes sense to put something out that could help people avoid falling prey to it. So, without further ado, I will try to explain what this bug is all about and how you can stay safe.

The Heartbleed bug has been labelled the biggest security threat the internet has seen, so it is critical that we understand more about it and also take preventive measures to safeguard ourselves.

What is Heartbleed security bug?

In very simple terms, it is a bug that allows our usernames and passwords to be stolen by attackers. This has affected over 98% of websites, and that is because almost all websites use a technology called ‘OpenSSL’, which is meant to provide communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). So, almost no website is safe. Following is a very tiny list of websites that are affected:

  • Facebook
  • Google & Gmail
  • Yahoo Mail
  • Instagram
  • Pinterest
  • Tumblr
  • GoDaddy
  • Dropbox
  • SoundCloud

Hotmail, Twitter, Amazon, LinkedIn and Apple are some of the unaffected websites and services. Almost all of the popular websites have now fixed this vulnerability, but not before those attackers stole away your and my login information. The bug is officially referred to as CVE-2014-0160, where CVE stands for Common Vulnerabilities and Exposures.

What do I do?

Affected or not, the first thing you do is change your password. I know it's a pain in the butt but you have to do it. It is imperative. If you think that nothing has happened so far and that you can ignore it since you are still able to log in without issue, then that is exactly what the attackers want. They want you to be complacent about security so that when the time comes they can exploit it. So, here is what you will do:

  1. Make a list: list down all the important websites/services where you use a password. For example, for me it is Gmail, GoDaddy, Dropbox, Facebook and all my financial websites.
  2. Change password: change the password on each of these sites. “Try” to have a different password for each site. I used the word ‘try’ because I know it is hard to do. So, for that you can make use of the password manager service called LastPass. I only use their free version but the important fact is that I ‘use’ it. So, please make use of this or any other password manager service. You can visit their website by clicking here.
  3. Inform: inform your friends and family members of this bug and tell them to change their passwords as soon as they can.

I want more details…

If you are hungry for more information or have the appetite to go through the arduous journal written on the Heartbleed bug, then please do visit the dedicated website. It has a lot more information on the Heartbleed bug.

The most important thing is that you take this seriously and make the suggested changes. Please use the comment section below and I will be happy to address any concerns or queries that you may have.

Wish you all the best!
