Heartbleed Bug Wrecks Havoc on World Wide Web
Heartbleed has been wrecking havoc on the Internet, causing panic to individuals and companies doing vital financial transactions over the web. Heartbleed, which can be is not actually a virus. Rather, it is a programming error that renders the privacy protection of a supposedly secure website vulnerable to malware and hackers.
The bug is named after the “hearts” in a secure website’s servers. These are codes and programs that check the security information of people doing transactions in the internet, including online shopping, checking bank statements or reading e-mails.
Heartbleed enables cybercriminals to get access to code keys so that they can get key information such as passwords, email addresses and user names, Social Security number, e-mails and private messages as well as file attachments. With this information, cybercriminals can get into e-mail and financial accounts (i.e. credit card or online banking accounts). In addition, not only can cybercriminals have access to individual accounts, they are also able to impersonate a legitimate company’s website and trick users into logging in to the fake website.
Heartbleed on the Web
The case in Mumsnet is one example of how Heartbleed enables serious breaches in a website’s security. A hacker was able to steal the log-in details of Justine Roberts, the website’s founder. With this, he was able to post on the website forum as JustineMumsnet and say, “Am I being unreasonable to think that the vast majority of you are clearly insane?” The post continues to announce that the site will be shut down or sold off.
Several user accounts were also hijacked and used to write on the forum. Some usernames and passwords were also published in a list on another website. The team at Mumsnet has since patched the security issue and reset their user’s passwords.
In recent developments, a 19-year-old Canadian was arrested for allegedly hacking the Canada Revenue Agency by exploiting the Heartbleed bug. The Royal Canadian Mounted Police has arrested Stephen Arthuro Solis Reyes for illegally obtaining information on taxpayers, including almost 900 Social Insurance Numbers. The information was extracted over a period of 6 hours.
Stopping Heartbleed
Experts claim that Heartbleed has been around the web for over two years before it has been recently discovered. It has also potentially affected about two-thirds of all websites. The bug was first discovered by Neel Mehta of Google Security and Codenomicon’s team of security engineers.
The “bleeding” of information from this bug can be stopped with careful and expert Utah web design and programming. Companies are advised to monitor their servers and to fix the bleed. Individual users also need to check which websites they are using have already patched the security issues related to the bug. When the security of the website is clarified, this is only when users should change the passwords for the website. Doing so before security issues are fixed may render one more vulnerable to having their passwords stolen.
Sources:
http://heartbleed.com/