Heartbleed: The Death Metal Bug Out To Spill Your Internet Secrets

Published by Designzillas on March 13, 2014


We’re not going to lie: You might want to worry about Heartbleed.

You’ve heard of encryption, right? Even if you haven’t, the odds are high that you have dealt with it before. Whenever you type in a username or password, use your e-mail service, or even file your taxes, you’re interacting with something called SSL/TLS, a set of protocols the internet uses to scramble up sensitive information.

Think of it like that secret language you and your best friend had in middle school. Remember sitting bored in math class, passing notes in some kind of gibberish that only you and she could understand? In this scenario, SSL/TLS is the note, your server is your best friend, and you still get to be you. The “attacker” is your teacher who confiscates the note and attempts to read it in front of the entire class. But thanks to SSL/TLS, her efforts are futile.

Along comes Heartbleed to ruin all the fun.

What Is It?

Don’t get too excited; it’s not a new single from your favorite death metal band. Directly from Codenomicon, part of the team that found the bug:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.”

It’s a bug in the OpenSSL cryptographic library (used by over 2/3 of websites to encrypt data) that allows attackers to easily steal sensitive data from users and services without a trace. Heartbleed makes it possible for attackers to read the memory of a website’s server, including the secret keys that identify it, and then set up dummy websites that impersonate it to dupe you and steal your information. It’s pretty much a giant bully.

What Can I Do?

If you’re just a normal internet user, meaning you log into your email, the obligatory social media websites and maybe some celebratory Netflix after a long day’s hard work, there isn’t much you can do except change your passwords. But before you do that, check with your service providers. It’s their job to install OpenSSL’s server patch, which protects them from any future Heartbleed attacks. After the patch has been installed, they may also need to reissue SSL certificates (these verify that your server is a trusted source). Once all of this is done, it is safe to change your passwords. If you change them before your providers fix the issue on their side, your passwords and data are still vulnerable to attack.

The Internet Is Not 100% Secure

It’s giant scares like Heartbleed that bring us back into the light: not everything on the internet is safe. For instance, many of us use the same set of passwords across all of the websites that require a login. If a website you frequent was attacked by Heartbleed and the password you use to log in to that website is the same one you use on countless other websites, the attackers now have access to your login information for not only the attacked website, but all those other websites as well.

If the Heartbleed bug makes anything clear, it’s that nothing is ever 100% secure. Take every precaution you can to protect your information: use a password generator and create different passwords for each service you use. It may seem complicated and tricky now, but it might end up saving you some stress in the long run.

To sum everything up:

  • There are internet protocols called SSL/TLS that keep your secrets on the internet
  • Sometimes these aren’t as secure as we would hope; enter Heartbleed
  • Heartbleed is the bully trying to steal your information without you ever knowing
  • Service providers are working hard to install the new patch and regenerate SSL certificates, defeating the evil Heartbleed
  • Contact your service providers if you have any questions about your possibly affected websites
  • Change your passwords!