April 10th, 2014 at 10:38am
By now, you should have at least heard about the Heartbleed Bug. It’s got IT teams across the planet in a panic, and has gained a lot of awareness due to the fact that it’s a vulnerability within a technology we rely on for security and privacy. This article will hopefully answer a few of your basic questions, and shed some light as to what’s going on…
What is SSL?
SSL (Secure Sockets Layer) is a technology used for protecting your connection to a website. The infamous green padlock on your browser address bar signals that your connection to that website is encrypted. This essentially ensures that everything you do on that website is kept secret from prying eyes.
[Image: SSL Security of Dubai Islamic Bank – dib.ae]
How can somebody spy on me while browsing a website?
Whenever you visit a website, your computer and the server that hosts the website are constantly exchanging packets of data. These packets travel through networks to reach the other side. During this transmission, software known as “Packet Sniffers” can be used to pick up packets that can then be read. If you’re not connected to a website using SSL, these packets are in a plain-text format which is easily read. With SSL, however, these packets are encrypted and the data inside them is practically unreadable by humans. This is why it’s absolutely crucial that any webpage where you’re entering passwords, credit card details, or any other sensitive information is sealed with that little green padlock.
What exactly is the Heartbleed Bug?
The Heartbleed Bug isn’t something new. It has actually been around for about two years, but was only recently discovered and made public. It’s important to note that this vulnerability only affects systems using OpenSSL, and not every SSL implementation. You can read more about the vulnerability at HeartBleed.com.
Although the Heartbleed Bug is a serious vulnerability that can potentially leave your connections to websites insecure, it’s important that we look at the situation with some perspective:
- Every time you browse a website without a secure connection (i.e. without the little green padlock appearing on your browser’s address bar), your data is openly travelling the Internet, and is vulnerable to being spied on.
- This current vulnerability doesn’t mean that your data is automatically exposed. It’s a vulnerability that needs to be actively exploited before your data can be intercepted and decrypted.
- The Heartbleed Bug has been around for two years, and nobody has known about it. Now that it has been discovered, IT and security teams around the world are working on fixing the issue.
- The issue is easily fixed. OpenSSL has already released a fix, which is easily installed on servers using the technology. Most of your commonly used websites – such as Google and Facebook – have most likely already fixed the problem on their ends.
- This is not a vulnerability that affects your personal computer or tablet. It’s a vulnerability that affects the servers that use OpenSSL.
So, what should I do now?
The recommendation is that you change your passwords across services as soon as possible. You’ll need to wait for each website to fix the vulnerability on its servers before you do so. Major websites such as Google, Facebook, Yahoo, etc. will most likely announce the completion of their fixes, so keep your eyes open. As far as other, smaller websites are concerned, follow some simple common-sense rules to keep your personal data safe:
1. Do not leave personal information to rot. If you have accounts with websites you do not regularly use or need, close your accounts, or at least manually remove personal information from your profiles.
2. Make sure you change your passwords regularly, and never use the same passwords on major services like your email and social networking.
3. Before providing personal information to any website, make sure you know and trust who you’re giving your information to. This is especially important when providing credit card information or other highly sensitive data.
The Heartbleed Bug is definitely serious. It’s a vulnerability that can potentially affect the security of transmissions of our personal data. Having said this, it’s not something that the average person needs to completely panic about. Wait for your favourite services to be patched, and then change your passwords. When and where possible, activate two-factor authentication if your service provider allows it.
If you own or operate a website, you need to take immediate measures to ensure your services are patched and secured. Once again, this vulnerability only affects OpenSSL, so if your website uses this technology, take immediate measures to ensure your website remains secure. Your hosting provider or IT team should already be aware of the issue and be actively working towards resolving it. It may be a good idea to email your users informing them once you’ve applied the required patch and advise them to change their passwords.