Heartbleed bug made headlines when it affected even top sites like Google, Wikipedia and Facebook. While the sites have released patches and employed additional security measures, users should be careful about the bug regardless. Understanding the Heartbleed bug, top sites affected and important security procedures should help reduce the risk and effects of the problem.
The Heartbleed bug refers to a security vulnerability discovered recently. It makes user passwords vulnerable therefore putting a lot of websites at risk as well. Discovery of the Heartbleed bug changed how websites operate. Users also have to be extra careful when transacting or doing anything online. This threat is considered extremely serious for all companies and individuals operating online.
According to CNET, Heartbleed is a security threat related to OpenSSL software. This threat allows hackers to access a server's data memory. This means hackers can access a user's personal data including passwords, usernames and credit information. Hackers can also intercept information giving them access to confidential transactions. Internet research firm, Netcraft, estimated the bug affected around 500,000 websites.
What is even worse is that a hacker can also steal digital keys from a server. These include keys used for communication encryption. A company's internal network and confidential information can be in jeopardy. The vulnerability allows an attacker to access as much as 64KB of the server memory. Likewise, hackers can access the network repeatedly thus putting more information at risk. An attacker can even get their hands on the "cookie" data for more convenient access.
CNET compiled a list of websites affected by the Heartbleed bug. So far here are the updates:
- Google, Facebook, YouTube, Yahoo and Wikipedia, Bing, Pinterest, Blogspot: Password change advised. Vulnerability patched.
- LinkedIn, Ebay, Live, PayPal, CNN and Twitter: not affected.
For a complete list of websites affected and updated status, refer to this table by CNET. It is best for users to check Heartbleed updates from listed affected websites to ensure personal information remains safe.