Apr 102014

Heartbleed bug is a critical security bug that was discovered in OpenSSL. Open SSL is a popular open source encryption software used by a number of websites and it is considered the biggest security threat the internet has seen. Continue reading to see what steps you can take to protect yourself against this bug.

heartbleedWhat is Heartbleed bug?

A website that is dedicated for the bug explains just how serious this security vulnerability really is:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

It was named the Heartbleed bug as “bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.”

Watch the video bellow explains the bug in more detail, the video was made by Zulfikar Ramzan, an MIT Ph.D. and CTO of cloud security firm Elastica.

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics from Elastica Inc on Vimeo.

How the bug affects iOS and Mac users:

Apple has Deprecated OpenSSL on OS X in 2012 and has never included OpenSSL as part of iOS so as a result no version of OS X or iOS are affected by the Heartbleed bug.

Mac and iOS users aren’t directly affected by heartbleed bug, but are likely to be affected indirectly as OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.

Mac and iOS users can be indirectly affected by third party services like Gmail, Facebook, Dropbox, and Evernote. These services may have been affected and may have exposed your sensitive account information. Companies exposed to the bug already patched it on their servers.

This is what Apple said about OpenSSL:

OpenSSL does not provide a stable API from version to version. For this reason, although OS X provides OpenSSL libraries, the OpenSSL libraries in OS X are deprecated, and OpenSSL has never been provided as part of iOS. Use of the OS X OpenSSL libraries by apps is strongly discouraged.

What you should do:

Visit Mashable for a list of websites that have been affected by the HeartBleed bug. If you use any services on the list, we advice you to change the password if the bug has been patched. You can also visit SSL Labs to find out if services you are using are vulnerable. If the site gets an “A” then they’re safe, and most likely the vulnerability has been patched.


Sorry, the comment form is closed at this time.