The Heartbleed bug, a newly discovered security vulnerability that puts users’ passwords at many popular Web sites at risk, has upended the Web since it was disclosed earlier this week. It’s an extremely serious issue, and as such, there’s a lot of confusion about the bug and its implications as you use the Internet.
What is Heartbleed?
Heartbleed is a security vulnerability in OpenSSL software that lets a hacker access the memory of data servers. According to Netcraft, an Internet research firm, 500,000 Web sites could be affected. That means a user’s sensitive personal data — including usernames, passwords, and credit card information — is potentially at risk of being intercepted.
Who discovered the bug?
Credit is given to security firm Codenomicon and Google researcher Neel Mehta, who both found the bug independently from each other, but on the same day.
What is OpenSSL?
Let’s start with SSL. That stands for Secure Sockets Layer, but it’s also known by its newer name, Transport Layer Security, or TLS. It’s the most basic means of encrypting information on the Web, and it reduces the risk of someone eavesdropping on you as you browse the Internet. (Notice the “https” in the URL of SSL-enabled sites like Gmail, instead of simply “http.”)
OpenSSL is open-source software that implements SSL and is used across the Web. The versions with the vulnerability are 1.0.1 through 1.0.1f. OpenSSL is also used as part of the Linux operating system, and as a component of Apache and Nginx, two very widely used programs for running Web sites. Bottom line: Its use across the Web is vast.
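For administrators who want to check servers against the version range given above, here is an added example (not part of the original article and not OpenSSL project code) that classifies version strings in the format printed by `openssl version`. The function names and the sample lines are constructed for illustration.

```python
import re

# Matches the "1.0.1e" part of a string such as "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) parsed from a version string."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no OpenSSL version found in %r" % text)
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4)


def in_affected_range(text):
    """True if the version is in the range the article gives: 1.0.1 through 1.0.1f.

    Caveat: Linux distributions often backport fixes without changing the
    upstream version string, so a match means "check the package changelog",
    not proof that the installed build is vulnerable.
    """
    major, minor, fix, letter = parse_openssl_version(text)
    if (major, minor, fix) != (1, 0, 1):
        return False
    # No letter is the base 1.0.1 release; letters a through f are in range.
    return letter == "" or (len(letter) == 1 and "a" <= letter <= "f")


def audit(lines):
    """Map each input line to 'AFFECTED RANGE', 'ok' or 'unparseable'."""
    report = {}
    for line in lines:
        try:
            report[line] = "AFFECTED RANGE" if in_affected_range(line) else "ok"
        except ValueError:
            report[line] = "unparseable"
    return report


if __name__ == "__main__":
    # Constructed sample inputs in the style of `openssl version` output.
    samples = [
        "OpenSSL 1.0.1 14 Mar 2012",
        "OpenSSL 1.0.1e-fips 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 0.9.8y 5 Feb 2013",
        "not a version line",
    ]
    for line, verdict in audit(samples).items():
        print("%-34s %s" % (line, verdict))
```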