What is Heartbleed – the facts in layman’s terms

Most of us will have seen the reports about Heartbleed on the news or online, but what is it?

Most descriptions are long and wordy so here is a quick bullet list to help…

  • Heartbleed is the exploitation of a bug in program code that allows ‘the bad guys’ to use malware to gather secure information.
    (Or, put simply, hackers can gain access to the supposedly secure part of your login data and capture it.)
  • It was first discovered in early April 2014
  • Its aim is to capture sensitive information such as your website account details and passwords
  • It is targeted at the web server itself rather than your PC
  • Web servers impacted will be running OpenSSL version 1.0.1 to 1.0.1f
  • Over 60% of websites use OpenSSL
  • It is mainly, but not solely, targeted at web servers running Apache or NGINX
  • Heartbleed has been around undetected for over two years
  • Web servers that used impacted OpenSSL for secure login will have been infected
  • It leaves no trace of its attack on the server
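For anyone who runs a server, the version range in the list above can be checked against the text printed by `openssl version` or sent in a web server's `Server` header. This is an added example, not part of the original post; the function names and the sample banner lines are constructed for illustration.

```python
import re

# Affected range as stated in the post: OpenSSL 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Anchor on the "OpenSSL" token so that another product's version in the same
# banner (for example "Apache/2.2.22") is never mistaken for the library's.
VERSION_RE = re.compile(r"OpenSSL[ /](\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """Return ((major, minor, fix), letter) from a banner, or None if absent."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix)), letter


def in_heartbleed_range(banner):
    """True if the reported version is 1.0.1 .. 1.0.1f, False if it is outside
    that range, None if no OpenSSL version was found (check by hand)."""
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return None
    base, letter = parsed
    if base != AFFECTED_BASE:
        return False
    # Plain "1.0.1" and the single letters a..f are in range; g onwards is not.
    return letter == "" or (len(letter) == 1 and letter <= LAST_AFFECTED_LETTER)


# Constructed sample banners, in the two shapes described in the lead-in.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "Apache/2.2.22 (Ubuntu) OpenSSL/1.0.1f",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "nginx/1.4.7",
]

if __name__ == "__main__":
    # Caveat: some operating system vendors patch the bug without changing the
    # upstream letter, so "in range" means "confirm against the vendor's
    # package changelog", not proof that the server is still exposed.
    for line in SAMPLES:
        print(f"{line!r}: in affected range = {in_heartbleed_range(line)}")
```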

Probably the most damning fact in there is that the virus has been around for two years and will already have gathered a stack of data.

So what does this mean to you…

  • If you have logged in to a server that has been attacked by Heartbleed then your login and password may have been stolen by the ‘bad guys’.
  • You should change your password on any server that used OpenSSL, but only after that site has confirmed that they have closed the hole by updating their server (otherwise the new password will be captured)
  • There is an excellent list of popular web services, showing whether they have been attacked and whether they have fixed the hole, available at http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

What is OpenSSL?

OpenSSL is a system used to encrypt data that you enter into a site. Its aim is to ensure that only your system and the receiving site can access and read the data entered. You’ll see the term a lot when doing online shopping.

Hope this helps clarify things

 

Taff Lovesey
www.litespc.co.uk
www.weblites.co.uk
www.lovesey.net

About taffybach

Author of the young adult fantasy novel series, The Portal Chronicles, including The Spider Gem and The Shimmering Gate. When not writing and promoting Taff runs a small IT support company, LITES PC based in Bourne UK.