Getting Personal With The “HeartBleed” Bug

Until a week ago, people all across the Internet thought their personalised passwords were safe enough to keep their individual data locked. That changed when the Heartbleed bug, also known as CVE-2014-0160, crawled out: a major new security vulnerability in the OpenSSL software that can allow hackers to read a server’s memory and obtain private information such as usernames, passwords, and credit details.

The implications were extremely severe, as several key digital platforms were affected, such as Facebook, Instagram, Google, Yahoo, Amazon, Flickr, Dropbox, YouTube, and American Funds. Statistics show that around 50,000 websites were at risk, and beyond customer data, these websites also risk exposing their internal, encrypted company communications.

According to an earlier Guardian article, Robin Seggelmann, a programmer who worked for the OpenSSL project from 2008 till 2012, is responsible for the glitch. He reportedly submitted the code at 11.59pm on New Year’s Eve 2011, and said, “I am responsible for the error… because I wrote the code and missed the necessary validation by an oversight.”

Security firm Codenomicon and Google researcher Neel Mehta first discovered the bug, and Mehta has since donated his $15,000 reward to the Freedom of the Press Foundation to aid the development of journalistic encryption tools.

Companies are currently in the midst of patching the bug, and are encouraging consumers not to change their passwords on a given website until the bug has been successfully patched for that specific website. The reason is that if you change your password before the problem is fixed, you will only be giving your new password to the hackers.

Sources: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

http://www.theguardian.com/technology/2014/apr/11/heartbleed-developer-error-regrets-oversight