Heartbleed Bug to Cripple Internet in the Next Few Weeks
By Pavithra Rathinavel | April 17, 2014 8:10 AM EST
When accessing several Web sites and services, Internet users might be greeted with a "Page cannot be found" message.
With the presence of Heartbleed bug, several Web sites and online services try to implement some security patch recommendations for this particular vulnerability affecting most top Web sites and other related services.
Washington Post reported, "Efforts to fix the notorious Heartbleed bug threaten to cause major disruptions to the Internet over the next several weeks as companies scramble to repair encryption systems on hundreds of thousands of Web sites at the same time."
Heartbleed is a bug targeting OpenSSL, the security protocol that encrypts Web traffic. This allows attackers to gain access to sensitive data, credit cards, usernames, passwords, private communications, among others.
The discovery of this Heartbleed bug has shocked the tech industry. Although many companies like Yahoo, Google and Facebook fixed the problem with the help of the recommended security patch, users were asked to change their passwords. The other companies are quickly trying to patch the security holes on their Web sites to keep the user data safe.
Jason Healey, a cyber security scholar described this vulnerability to TWP, "Imagine if we found out all at once that all the doors everybody uses are all vulnerable - they can all get broken into. The kind of bad things it enables is largely limited only by the imagination of the bad guys."
Even though the sites like Google, Facebook, and Yahoo, among others implemented the recommended security patch and asked their users to change the passwords to their sites and services, there is still one major concern. Heartbleed allows hackers to steal the "security certificates" of the Web sites, later the same certificates can be used to create counterfeit versions of their sites.
The users who log into these fake sites may unwittingly provide their usernames and passwords straight into the hands of hackers. The TWP noted this kind of hack is very complicated and time consuming.
The site also said it took a hacker by name Fedor Indutny around 2.5 million hits of a particular server to obtain its security certificates. The dedicated hackers with the sole agenda of stealing personal data can get their way around through this time-consuming process.
This means there is going to a major disruption to the Internet mainly as Web sites scramble to reissue their security certificates in the process, slowing down the Internet.
The silver lining was that many critical sites of banks and governments were not affected by Heartbleed bug.
According to Jason Healey, there are two options to get through this bug. The first option is to flood the Internet's security infrastructure with tens of thousands of revoked keys per day and risk slowing down the Web to maintain security.
The second but not a good option is to let people stay vulnerable for some more time, thinking that stealing the security certificates of Web sites are a complicated process, until they find a better solution.
To contact the editor, e-mail: