Image

‘Heartbleed’: The 2 year old Security Flaw

‘Heartbleed’ Flaw Left the Internet Insecure for 2 Years

Did you know that for over 2 years there has been an existing loophole in the internet security protocol? Over 50 per cent of the internet has been vulnerable to attack owing to this flaw, dubbed ‘Heartbleed’, which is associated with versions of OpenSSL, the most used software library for internet security protocols. What is even interesting is that this problem was just realized less than 48 hours ago. OpenSSL, an open-source, is an implementation of SSL and TLS security protocols, which is responsible for encrypting and securing data and internet traffic. So it follows that the ‘Heartbleed’ flaw exposed crucial data such as passwords, online banking details, virtual private networks (VPN), e-commerce, messages and other sensitive information.

Heartbleed Known to Researchers and Hackers Alike

It has been established that researchers’ knowledge of the Heartbleed flaw dates back to as early as 2011, and to make it worse, even ‘black hat’ hackers have known about since 2012. This follows that critical data on the internet has been vulnerable for years. Though there are no complaints or confirmed reports of attacks, it would be meaningless as those attacks leave no trace. After the revelation of the security lapse, many security administrators have moved to diffuse the situation by hastily fixing the problem. The possible solutions have included changing secret keys and certificates should they have been compromised. Since heartbleed was associated with sites that use the ‘secure’ https protocol, it has affected a number of sites that offer financial services or e-wallets, but the threat hasn’t been targeting any specific industry. The security administrators have been working all around the clock since the news surfaced. However, the people who might have been affected the most are cryptocurrency holders, owing to the fact that authorities do little when it comes to fraud in cyber currency sector. If the Heartbleed is exploited by any attacker, he/she could access the RAM of systems in question and view up to 64 kbs of data at a time. This data is enough to play around with and come up with system’s secret keys. The keys come in handy in encrypting and decrypting sensitive data or traffic, enough to identify service providers.

Check if Heartbleed Affected your Service Site

Security experts have been working on ways to identify if your server has been affected. The latest update is from an Italian security expert, Filippo Valsorda, who has built one such web-based test. You can get the test also through on GitHub where he posted the test’s open-source code.

Conclusion

Researchers estimate that 50% or more of the internet servers may have been affected by the flaw as more than half of the servers use different variations of OpenSSL. Come to think of it, over half of sensitive data was exposed to black hat hackers for a two solid years and yet what may have happen within the period is still not known. The situation has left many people worried of their privacy and security of their funds online. Internet has changed the world, but with this flaw, there are more questions than answers on security of online data. It is beyond imagination to believe that for 2 years, heartbleed has compromised internet security yet nothing had been done about it.

This article was written by Walter Oduor. Walter is a freelancer at oDesk. Click here to view his full profile

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s