What is it?
-Heart bleed is a bug of Open SSL which could allow someone to get the web server's memory such as passwords from your account! Open SSL was originally for making accounts secure. This bug can be found in famous websites as well such as Facebook, Google accounts etc.
How did it happened?
-As we know about Open SSL, which is famous of websites that include a log in feature; so basically it is safe and secure for our accounts. And in the Open SSL has a feature called "heartbeats" which is a "call and response" action ; when you access to a web server, it will respond to your request. However, the issue of the bug heart-bleed is that, the hackers could request "beyond" the web to the web's "memory", this allows them to see your log in pass-codes, web cookies and other data.
Who got effected?
-People that are going on internet, logging in to their accounts with their passwords got effected; this is almost everyone in the world. Just imagine Facebook, how many friends of yours have gotten their Facebook account online to socialize with their friends? Also in educational case, you might need an account such as Gmail, or even online bank accounts!
What was the damage?
-The damage is that, the hackers would do anything to the account in however way they want to. For example, a hacker would damage your reputation by saying something bad using your account being a "fake you". The worst could be online bank accounts! The damage would be basically losing all your money since the hacker know your pass-codes already.
How to prevent it or recover from it?
-To prevent from this bug to happen to your account as well, you should definitely think about changing your passwords recently, probably once a month. Keep on changing passwords will be hard for hackers to hack your account since they can't log in anymore with your old passwords.
What did you learn from it?
-I learned that, it is not about strong passwords such as super long passwords, because once they've got into the web's memory and see all those data that they shouldn't have been seen, they could still get into your accounts! So it is better to change your passwords recently; and make sure not all your log in required accounts has the same password too!
Citations:
Griffin, Ben. "What is Heartbleed and how do I make myself safe?" Digital Spy. 29 Apr. 2014 <http://www.digitalspy.co.uk/tech/feature/a565757/what-is-heartbleed-and-how-do-i-make-myself-safe.html#~oCbmepDl5aOehG>.
"What Is Heartbleed And How Does It Affect Me? :: YummyMummyClub.ca." What Is Heartbleed And How Does It Affect Me? :: YummyMummyClub.ca. 29 Apr. 2014 <http://www.yummymummyclub.ca/blogs/christella-morris-tech-this-out/20140417/what-is-heartbleed-and-how-does-it-affect-me>.
http://www.nydailynews.com/news/world/heartbleed-bug-article-1.1751982v
http://www.engadget.com/2014/04/12/heartbleed-explained/?ncid=rss_truncated
https://www.paypal-community.com/t5/PayPal-Forward/OpenSSL-Heartbleed-Bug-PayPal-Account-Holders-are-Secure/ba-p/797568#
This comment has been removed by the author.
ReplyDelete