Heartbleed: Bug you didn’t know was there, leaves no trace

Heartbleed graphic by Codenomicon

Security breaches are nothing new, but the latest computer bug is a doozy. The Heartbleed bug makes networks vulnerable and enables theft of data such as passwords and user names.

Security engineers created a website to warn the public:

“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software…This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”

Security engineers at Codenomicon and Google Security found the bug; Codenomicon discovered it while working on security features in the company’s testing tools.

The Heartbleed Bug website advisory pointed out a user may not even know the attack has occurred. Making it potentially worse, the bug has been out there for quite some time:

“[T]his bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.”

OpenSSL posted a security advisory on Monday. Why is OpenSSL important to Internet users?

TechCrunch put the bug discovery and OpenSSL in a layman’s perspective:

“Even if you’ve never heard of OpenSSL, it’s probably a part of your life in one way or another — or, more likely, in many ways. The apps you use, the sites you visit; if they encrypt the data they send back and forth, there’s a good chance they use OpenSSL to do it. The Apache web server that powers something like 50% of the Internet’s web sites, for example, utilizes OpenSSL.”

Heartbleed, according to some media, has been around for at least 2 years. Logs won’t even show the attacker was there; the bug “leaves no trace,” according to Codenomicon.

Day on the Day reviewed half a dozen articles about the bug in addition to materials and links at the Heartbleed Bug website. There isn’t much the public—the end user of a site—can do, other than routine measures like changing passwords. It’s a good idea to check your credit report and charge account statements on a regular basis.

In the case of the Heartbleed bug, your own security measures may make you feel better, but the fix isn’t up to you.

The fix must be undertaken by networks, companies, social media website administrators, and others on the front end.

(Filed by Kay B. Day/April 9, 2014)


About Kay Day

Kay B. Day is a freelance writer who has published in national and international magazines and websites. The author of 3 books, her work is anthologized in textbooks and collections. She has won awards for poetry, nonfiction and fiction. Day is a member of the American Society of Journalists and Authors and the Authors Guild.