What is an SSL bug?
The SSL or Secure Sockets Layer is a protocol specifically developed to transmit private information to and from the server you are currently logged in. For an average user this is what stands between getting their information protected or not. Find out more about SSL in a nutshell, and what’s actually in jeopardy, and read on to be in the now, and to protect yourself from being harmed.
A protocol bug is an error that appears somewhere in between the communication of the SSL that will create open entries for anyone who can notice those bugs.
“Heartbleed”
This small little bug caused a lot of commotion and a lot of fear in the online world. A simple mistake in coding paved the way for this bug to exist, and worst of all to be abused by hackers. Because the SSL protocol fails to keep information encrypted and secured, hackers could gain access to critical information.
Why it is called the Heartbleed?
Because, it is in the TLS/DTLS (transport layer security protocols) of heartbeat extension (RFC6520). Codenomicon, a Finnish security company discovered the Heartbleed bug, although they did not mention when. Some news sources state that the bug has been around for more than two years now. Moreover, nobody noticed it until recently, which means that a lot of potentially severe information has already been stolen and misused. However, there is a FAQ page you can visit to find out more about securing your Internet surfing.
What will it steal?
When it is exploited it leads to the leak of memory contents. Mainly the private key file of a certificate. With this, hackers can login to the server with actual authentication (no need to bypass any security) and there will not be any logs created either. So it is impossible for the system admin to trace the source of this infection/breach. That is why it is dangerous.
Are we all affected?
Fortunately, no, most companies and websites that have been upgraded to the latest versions of SSL protocols are affected the most. The majority of businesses tend to lag behind major upgrade, fortunately for them in this case; however, that does not mean they are not being compromised differently.
The quickest solution is to switch over to the new upgrades immediately, because the new patches are meant to deal with this issue. Nonetheless, any website dealing with SSL should be considered attacked or compromised.
Unless new security measures introduce you as a consumer should not yet do anything to minimize the damage; unfortunately, even if you did anything in the current situation, your new information would be still leaked. It is better to sit tight and wait for security updates.
What to do next?
Fixes and patches are already being applied to all the major websites, but it will take some time until they figure out the damage and what can be done in order to protect their regular netizens. For now, as Cloudflare suggested their customers they should try to practice safe web surfing. Actively logging out, not leaving any crucial information on any suspicious looking websites, and generally trying to bring Internet activity to a minimum until the issue is dealt with.
There are few sites developed to check this bug infection.
LastPass has developed a site called Heartbleed Checker and filippo.io have a link in it where you can enter the URL of any website to check whether it is safe or not to log in. Although this method is not utterly secure, it will give you at least an idea where it is safe to click.
Useful advice
Most of the major websites and servers agree that you should wait for any official announcement regarding a security update, which means that until the websites are fixed, you should refrain from doing any risky activity.
Only change information online after it has been confirmed that you are safe to do so, until then whatever new password you would provide will be stolen once again. And to be even safer, avoid any business over the Internet to further minimize damage.