If you’ve been following up tech news recently, you must hear about “Heartbleed” security vulnerability already. Million websites has been marked as vulnerable to the attack and as security expert Bruce Schneier said in his blog “On the scale of 1 to 10, this is an 11”.
Heartbleed is a catastrophic bug in OpenSSL version 1.0.1 and 1.0.2 Beta, a serious security vulnerability in the Internet history.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
~ Heartbleed ~
SSL is used to keep your private data encrypted and sends them across the internet to the destination server. And now it has a breach! Heartbleed allows hackers to decipher and get their hands on these encrypted data. Email, passwords, phone number, credit cards, all are at the high risk of being stolen.
Is your site vulnerable? How to protect your site?
- Double check if your site or sites that you visit frequently are affected. Here are the two tools you can use: Heartbleed Checker by LastPass and Heartbleed by Filippo Valsorda.
- If your site is using OpenSSL and vulnerable, then you should immediately update your SSL certificate for your server.
- Once sites has patched the issue, then it’s time to change your passwords for major accounts or at least tell your users to change theirs once your site is safe. There is no help to change password while the site is still vulnerable.
- As a user, if you still feel insecure, you can wait till things are fixed and safe then update your credentials.
What about DesignWall? We are completely safe from Heartbleed and you can rest assured. What we can suggest more on this issue is that, keep calm and tuned in for news and updates.