Heartbleed bug can make cybercrimnals access your data even they are encrypted
Heartbleed is the name of a software that has jeopardized the safety of the modern web. A hole that affects a huge number of web servers, and the Heartbleed bug has created a big issue, which allow attackers to discover information such as the users password even when the data is encrypted in a secure environment. No doubt that this problem is serious, but to what extent? Eddy Willems, security expert of G Data, who attempted to answer this crucial question.
The problem with Heartbleed is a hole that affects the structure they have built in the modern web. When interacting with different websites and online services, such as emails which are the encrypt communications between the user and the server, and the data is protected so you can not access them externally. It generates a communication betwen the user and the service through a secret language known only to them. To perform this encryption, different tools are used as Open SSL, a free protocol that can be found in about two thirds of the entire site.
Precisely, Heartbleed vulnerability affects this tool and allows the cybercriminal to access data without the user being aware of this attack. What is more serious is that this hole has been in existence for several years (the web sites affected are those who have used the version of OpenSSL from late 2011), and not visible to the users. Bringing this vulnerability into action many web has suffered the most serious threats in the past.
According to Eddy Willems, it is a big deal, but in my opinion that 50% to 60% of online accounts have been compromised is somewhat exaggerated, but it is obvious that even if this percentage is 30% the problem is very serious.
However, there has been many instances about the data theft and account hack, but we didn’t hear much about heartbleed. It’s something that needs be knows properly, and no one has the exact idea about this and the way to stop.
Heartbleed may be the key to save us from a catastrophe of enormous proportions, because this hole does not only affect web pages but also other services such as email servers or banks. Many affected websites have already deployed a patch to protect their platforms and prevent further contesting pf this hole. However, the big problem occurs if the cybercriminals have attacked the site before the patch, and then the attack can be played any time.
In addition, other threats can be found in smaller websites, which take longer to fix this vulnerability. Users often use different passwords across different web sites so that criminals can not affect all the accounts. It is best to make the change in our passwords at sites that utilize this protocol.
Mashable has compiled a list of the major websites and online services that should change the password.