It sounds like a rejected Game of Thrones city…
Well, the Internet practically fell apart yesterday. It was revealed that there is an incredibly serious bug in OpenSSL, nicknamed “Heartbleed”, that allows hackers to access pretty much all the information you put in so-called “secure” sites. Literally everything you know is a lie.
So here’s the rundown: a group at Codenomicon found the flaw in the OpenSSL encryption library that would allow a hacker to access encrypted information without leaving a trace in any logs. The flaw is found in what is known as the “heartbeat” feature, which can keep services open on a secure connection for a specified amount of time. By tapping into the “heartbeat” mechanism, a hacker can request that the secure server give up a piece of its memory, which allows the hacker to access the encrypted information. Apparently, this vulnerability was introduced by updates to the OpenSSL code in late 2011.
What does this mean for everyone? Well, the whole “secure on the Internet” thing is definitely in jeopardy. Many sites use SSL certificates for encrypting important information, like credit cards and other personal info, and now all that is at risk. It’d be like a bank having a giant vault door to protect the money, but leaving the back door to the vault propped open with a rock. That little lock in your browser’s address bar is a dirty liar! He tries to make me think everything is secure, but nooooo it’s all a lie.
OpenSSL is some big time stuff. This doesn’t affect just a small portion of people, as the Target breach did (if you can call 40 million small), because OpenSSL is used by nearly two-thirds of servers on the Internet. Two-thirds! Over half of the Internet is using OpenSSL, which means that two-thirds of the Internet is vulnerable. The concerning thing is that hacks can’t be traced, so there’s no way of knowing if the vulnerability has already been exploited.
The good news is that there is a patch available, so any sites that may be affected (or those that just want to take precautions) can update their SSL certificates to fix the Heartbleed vulnerability. The safest thing to do is go and change all of your passwords for sites where you have vulnerable information, especially your banks, any utility bills, financial institutions or other sites where you may have personal info stored.
For more information contact Chris L.