Since the advent of the internet, there have been issues
regarding data security. Even with the advancement of technology, we are
still unable to secure our data or claim our sensitive information
being safe. Time and again there has been a threat to the online data in
the form of bugs and viruses released accidentally or intentionally.
One such recent threat was the Heartbleed bug.
Heartbleed is a security threatening massive bug found in the OpenSSL software library. This bug steals the protected information, through SSL/TLS encryption which is used to secure the Internet. To provide privacy and security, SSL/TLS encryption is used on the Internet for applications such as web, email, instant messaging (IM) and virtual private networks (VPNs).
This bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This results in secret keys being compromised. These secret keys are used by the service providers to identify the traffic and encrypt the name and password of the users, and the actual information.
The Heartbleed bug was termed catastrophic, as it tries to read more information or data than allowed. This resulted in data breach, affecting almost two thirds of the Web. As a precautionary measure users' accessing sensitive information or confidential information was advised to change passwords to avoid their accounts being hacked.
So what is the impact of Heartbleed bug?
- The data gained by a Heartbleed can include confidential information such as username, password, which will allow the hacker to impersonate as a user himself.
- The hacker after gaining the authentication information of the user can impersonate as a user and alter the victim's data, which results in a confidentiality breach provided by the service provider. (The Heartbleed can access the information until the old authentication details are maintained, that is until the password is changed or the private key is invalidated.)
- The data that is hacked can contain usernames and passwords, social security number, or credit card information, bank details, and many more.
The effect of Heartbleed was such that the Canada Revenue Agency shut down its electronic tax filing services as a preventive measure, considering the sensitive information that would come in online.
It looks like for now, the problem might have been resolved, but there is so much public data exposed on the Web, which can be potentially dangerous and a cause for concern in the future. In addition, the impact that Heartbleed bug has created, raises concerns about whether if we can hope to keep our data safe online.
Heartbleed is a security threatening massive bug found in the OpenSSL software library. This bug steals the protected information, through SSL/TLS encryption which is used to secure the Internet. To provide privacy and security, SSL/TLS encryption is used on the Internet for applications such as web, email, instant messaging (IM) and virtual private networks (VPNs).
This bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This results in secret keys being compromised. These secret keys are used by the service providers to identify the traffic and encrypt the name and password of the users, and the actual information.
The Heartbleed bug was termed catastrophic, as it tries to read more information or data than allowed. This resulted in data breach, affecting almost two thirds of the Web. As a precautionary measure users' accessing sensitive information or confidential information was advised to change passwords to avoid their accounts being hacked.
So what is the impact of Heartbleed bug?
- The data gained by a Heartbleed can include confidential information such as username, password, which will allow the hacker to impersonate as a user himself.
- The hacker after gaining the authentication information of the user can impersonate as a user and alter the victim's data, which results in a confidentiality breach provided by the service provider. (The Heartbleed can access the information until the old authentication details are maintained, that is until the password is changed or the private key is invalidated.)
- The data that is hacked can contain usernames and passwords, social security number, or credit card information, bank details, and many more.
The effect of Heartbleed was such that the Canada Revenue Agency shut down its electronic tax filing services as a preventive measure, considering the sensitive information that would come in online.
It looks like for now, the problem might have been resolved, but there is so much public data exposed on the Web, which can be potentially dangerous and a cause for concern in the future. In addition, the impact that Heartbleed bug has created, raises concerns about whether if we can hope to keep our data safe online.
No comments:
Post a Comment