Cyber security attack: Heartbleed bug

April 17, 2014 2:22 PM

Password hackers

The biggest security risk to have claimed the cyber world is the catastrophic Heartbleed bug. It has been described as the worst yet, the bug is present in a piece of open source software called OpenSSL. The bug has been devised to encrypt communications between a user’s computer and a web server, a secure connection is established. It was termed Heartbleed as it alters an extension to SSL (Secure Sockets Layer) which electronic engineers have described as Heartbeat. Heartbeat is a commonly utilized encryption device on the internet.

It is claimed to be set up by approximately two-thirds of all websites. Basically, it is visible to the users’ eye through a padlock symbol in the browser, this means that the user is using SSL. There are half a million websites that are believed to have been affected by the bug. It has severely affected network routers and switches, video conferencing equipment, phone call softwares, firewalls and apps that allow users limited access to commercial data.

The encryption defect can be used to violate passwords and secret keys which safeguard computer users. Heartbleed broke out on international news broadcasts following Google Security and Codenomicon’s security concerns over a defect that has been present in OpenSSL for more than two years. The alert became public following several hardware and software installers recognizing some of their products being jeopardized.

Cyber Attack crisisChief technology Officer of Co3 Systems Bruce Schneier stated, “The Heartbleed bug allows anyone to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the name and passwords of the users and the actual content”. He further claims that, “This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users”.

The bug has essentially been exposing users’ personal information and passwords to hackers for the past two years. Unfortunately, Heartbleed leaves no trace whatsoever, thus making it challenging to figure out whether a server is being hacked or what kind of data is being stolen. The flaw has thus far only revealed 64K of data at a time. Since OpenSSL is an open source software, technological researchers were able to examine the code in further detail which is how they were able to find out initially.

However there is nothing to be seriously concerned about according to security researchers. Dr Richard Clayton stresses that “you would have to be a semi-professional to have this sort of equipment at home”.

It would be rare for domestic networking systems to be thoroughly affected. However, advice has been given to computer users to change their passwords from the websites they use for precaution. This is to avoid any form of impersonation by hackers of users and protection on data communications. Technological researchers and system are still continuing to resolve this security risk.

 

Tags: