Heartbleed bug is software bug in the open-source cryptography library OpenSSL discovered last week on 7 april 2014 . About 17-19% of internet secure web servers certified by trusted authorities have been believed to be affected by this bug and are vulnerable to attack by hackers.
What is Heartbleed Bug?
Heartbleed is software bug in the open-source cryptography library OpenSSL. This bug allows hackers to not only to steal username and passwords but also cookies information from your server. So it also allow a hacker to get your credit card information and other personal sensitive information. The biggest vulnerability is that attacker can also have access to digital signatures which are used to encrypt data on servers.
What is OpenSSL?
OpenSSL is Secure Sockets layer (also called Transport Layer Security) used to encrypt data to make it secure and keep hacker away. This is actually “HTTPS” on SSL enabled websites (not HTTP) like Gmail, Facebook etc.
OpenSSL is widely used across internet and the version that are vulnerable are 1.0.1 and 1.0.1f. It is also used in linux based operating system servers for web hosting.
Who have been affected?
The following sites may have been affected and have made announcement that this bug is fixed or they are not affected.
- Google Group
- Fox News
- UPS Services
- Akamai Technologies
- Amazon Web Services
- Ars Technica
- Wikimedia (also wikipedia)
- Canada Revenue Agency
Some others are also affected and you will be emailed from company about it.
What should I do?
Account Users: if you have received email regarding fixation of this bug then please change your account password and details immediately to avoid further problems.
If you have not yet received this bug report from company affected not listed above then please don’t change the password as it will be useless. After this bug or error is fixed change your password immediately to avoid loss of data and information.
Administrators: Generate a new secret key for SSL and save it.