What is Heartbleed?

While millions of people use computers and surf the internet, few are knowledgeable about how computer systems work and the problems they might suffer from when bugs and problems emerge. Although it may be rare to be caught off guard by a catastrophic computer security event, such scenarios do occur. In some cases, the security flaw can lead to widespread and truly disastrous outcomes.

The Problem & The Answer

Such is the case with the notorious Heartbleed bug. Quite a bit has been reported in the news about it. Various password protected websites have been sending out assurance emails to panicked members. Event the federal government’s National Security Agency (NSA) has been drawn into the controversy.

Despite all the news, confusion still abounds regarding what exactly Heartbleed is.

The straight forward answer is Heartbleed can be defined as a security bug present in the open-source OpenSSL cryptography library. This library is one designed to ensure the internet’s Transport Layer Security (TLS) protocol works effectively. The presence of the bug undermines this effectiveness.

As a result, the transmission of secure data via the internet becomes compromised. A great deal of transferred data involves confidential personal information related to both identity and finances. The Heartbleed programming flaw remained in existence for two years.

Since OpenSSL accounts for two-thirds of internet traffic, a two year window means quite a massive amount of emails and internet traffic were put at a major risk for being compromised. The items are risk are not just user names and passwords. Criminals looking to take advantage of the bug’s impact on the security certificates of websites. In short, doors end up being opened to access the RAM of the site and wreck havoc.

What’s In A Name

The name of the bug derives from the way computers and websites communicate with one another. When a computer connects with a website, the website sends a message (dubbed a heartbeat) back to the computer to let it know the site is active. Hackers can exploit this transmission to gain access to sensitive data. Hence, the heartbeat becomes a heart bleeding sensitive information.

Currently, steps are being taken to fix the bug. Those who have been contacted by secure websites that security flaws have definitively been confirmed should change their passwords and do so immediately. While there is no reason to panic over the situation, the mere fact that Heartbleed exists should lead many to rethink whether or not they should subscribe to an identity monitoring service. This way, an immediate alert can be issued if personal information has been stolen and illegally utilized.

Leave a Reply