The tech world is currently abuzz over the news that hundreds of thousands of supposedly secure websites and emails servers could be sitting out there in the open for hackers to attack due to a technical flaw in their make.
Dubbed the "Heartbleed Bug," the flaw, if exploited by the wrong people, could end up depriving millions of netizens of their financial assets and personal information.
What Is Heartbleed Bug?
Contrary to initial beliefs, Heartbleed is not a virus but a bug that came into existence by faulty programming on the part of OpenSSL's developers.
Open SSL is basically a security tool that encrypts data, which in turn enables websites to communicate and exchange info with its users without getting exploited by hackers and others alike. Since its release in 1998, SSL has been extremely effective in providing the basic cryptographic functions to websites.
But its latest 1.0.1 series, which has been in circulation for more than two years now, has a severe memory handling error that allows hackers to read the memory of the SSL servers, access sensitive data and compromise the security of the server and its users.
How Much Of The Internet World Is Vulnerable?
Almost two-thirds of all internet servers use OpenSSL for data encryption, but only 17 per cent of the overall servers are on the OpenSSL's latest series, which is the one susceptible to Heartbleed. It puts around 500,000 servers worldwide at the mercy of hackers, so the uneasiness of online experts over this matter is understandable.
So far, hackers have exploited this OpenSSL weakness to launch attacks on mainstream websites like Tumblr, Imgur, OKCupid, Eventbrite,
Should We Be Worried?
OpenSSL is used by a majority of online banking and shopping websites, so yes; it should be a cause of concern for general users. A cyber attack could lead to a hacker retrieving your login detail even if the website you're using is on a secured https server.
What Can We Do To Save Our Login Details?
It was earlier suggested that changing passwords might be the way to go, but experts now believe it wouldn't do much good, as hackers can steal new passwords as well.
According to Andrew Storms, director of DevOps at CloudPassage, the best we can do is simply: “Avoid things like online banking and avoid sensitive sites if you're not sure. Some people will see it as overkill. But I think that's the simplest guidance. If you can hold off doing something online for a couple days, then you should."
What Is Being Done to End Heartbleed?
OpenSSL's developers have released an updated version to counter Heartbleed, but their software's widespread usage means the web owners will be slow to react and implement this fix on their sites. Until the word reaches everyone, the evil minds of the cyber world can have a blast.