Heartbleed is one of the most serious security flaws to have affected the Internet in its history. We explain what it is, why it can affect all of us, and what measures you can take as a user to protect yourself.

The most common security problems are isolated failures of a website, a service, or a company. It happens with some frequency (more often than it should, and more often than we would like) that the data of a platform's users is exposed, sometimes even billing data, and people end up losing their accounts or simply stop trusting a service that did not take steps to prevent these types of problems. Heartbleed is something much worse: it is a vulnerability that affects a large part of the Internet, not just a particular service.

First things first, we must understand what OpenSSL is:

OpenSSL is one of the most widely used cryptography libraries on web servers, and it is an open source project. Many websites (hundreds of thousands) that offer secure connections with SSL rely on this library. You have probably seen, perhaps without paying attention to it, the padlock icon that appears in the address bar, or the acronym HTTPS; both indicate that we are accessing a secure site and that the data we exchange is being encrypted. This is a must in electronic banking, to mention an obvious example, but it is also used in email, social networks, and even a simple blog.

Now that we have covered OpenSSL, let's talk about Heartbleed.

What is Heartbleed?

Heartbleed is a very serious vulnerability that was discovered in OpenSSL. This flaw can allow information protected by SSL / TLS encryption methods to be stolen. The Heartbleed bug allows anyone to read the memory of systems protected by the version of OpenSSL that was affected.

Heartbleed compromises the secret security keys that are used to encrypt user traffic, user names, passwords, and streaming content. Multiple websites, email, instant messaging and even some VPNs have been affected.
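The memory read came from a missing bounds check in OpenSSL's handling of the TLS heartbeat extension: the server echoed back as many bytes as the request claimed to contain, not as many as it actually received. The following is an added example, not OpenSSL's code; the message layout is simplified to a 2-byte length followed by the payload, and `server_mem`, `echo_unchecked`, `echo_checked`, and `make_sample` are hypothetical names used to show the flawed handling beside the corrected one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64
/* Constructed model of server memory: one received request, then unrelated secret data. */
struct server_mem {
    uint8_t bytes[MEM_SIZE];
    size_t  record_len;              /* bytes actually received from the peer */
};

/* Flawed: echoes as many bytes as the request claims, never checking record_len. */
size_t echo_unchecked(const struct server_mem *m, uint8_t *out, size_t out_cap) {
    size_t n = ((size_t)m->bytes[0] << 8) | m->bytes[1];
    if (n > MEM_SIZE - 2) n = MEM_SIZE - 2;   /* keeps this simulation inside its own array */
    if (n > out_cap) n = out_cap;
    memcpy(out, m->bytes + 2, n);
    return n;
}

/* Hardened: a claimed length larger than what arrived is discarded with no reply. */
size_t echo_checked(const struct server_mem *m, uint8_t *out, size_t out_cap) {
    if (m->record_len < 2) return 0;
    size_t n = ((size_t)m->bytes[0] << 8) | m->bytes[1];
    if (n > m->record_len - 2 || n > out_cap) return 0;
    memcpy(out, m->bytes + 2, n);
    return n;
}

/* Constructed sample: 4-byte payload "ping" with an arbitrary claimed length. */
void make_sample(struct server_mem *m, uint16_t claimed) {
    memset(m->bytes, 0, MEM_SIZE);
    m->bytes[0] = (uint8_t)(claimed >> 8);
    m->bytes[1] = (uint8_t)(claimed & 0xff);
    memcpy(m->bytes + 2, "ping", 4);
    m->record_len = 2 + 4;
    memcpy(m->bytes + 6, "SECRET-KEY-MATERIAL", 19);  /* placeholder secret */
}

int main(void) {
    struct server_mem m;
    uint8_t out[MEM_SIZE];
    make_sample(&m, 23);             /* claims 23 bytes, only 4 were sent */
    size_t leaked = echo_unchecked(&m, out, sizeof out);
    size_t safe = echo_checked(&m, out, sizeof out);
    printf("unchecked echoed %zu bytes, checked echoed %zu\n", leaked, safe);
    return 0;
}
```

In the unchecked reply, everything past the four payload bytes is adjacent memory the peer never sent, which is how keys and passwords ended up in responses.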

Although the bug was reported on April 7, 2014, it had already been present for about 2 years, and during all that time people with the necessary knowledge could have been exploiting it without being traceable in any way.

This is why it is very important to change your passwords regularly; it is a practice that we should follow with or without apocalyptic security bugs. A good password is always important.

You can use the Heartbleed Bug Checker to check if a site has been affected by the vulnerability. If you receive an error message, it is likely that the site does not use SSL. Otherwise, there should be no false positives. You can also use the LastPass verification tool.

