This is exactly what everyone of us asked ourselves when we first heard about the now famous Heartbleed Bug that has affected most of the Internet. Unfortunately, most of these sites don’t educate how this affects us as a general everyday user. So let me walk you through very quickly. Heartbleed Logo

What is Heartbleed?

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. OpenSSL is used by most of the websites to make your data secure and prevent hackers from listening to your data. So a bug in OpenSSL means that anything built on top of it is also not secure too. This xkcd comic explains the hack pretty well.

So you are like why should I even care about that, those nerds behind the servers should worry?

How does it affect me?

All your private data, was almost fully accessible to anyone who knew about this bug. Heartbleed Bug has been existing for about two years now. Now that is a long time and the probability of your data being stolen already is very high. Its very possible that multiple agencies targeted Gmail, FB, SnapChat, Whatsapp, Dropbox, etc and extracted data from their servers during these years.

Apart from data, online banking sites are also affected by this. You should check with your bank to see if they have fixed their servers.

But what about my data?

Exploiting this bug leaves no trace on server logs, so it is nearly impossible to be sure if your data was stolen by someone or not.

Now if you really had some very private data stored online somewhere, you should precisely be like this right now:

Panic

What should I do?

If you are an end user

You should know that all the famous sites and apps have already fixed their servers and patched OpenSSL. What you should do now is change your password immediately. Unfortunately, that is all you can do for now.

If you are a developer

And you own a web service or an app that holds user data. You should update OpenSSL on your end and initiate password reset for all your users. Also reissue the SSL certificates and keys. To check if your favorite app or site is still vulnerable to this bug. Use this service.

Tagged on:     

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>