Hey guys, we are going to be looking at the internet-stunning bug popularly known as Heartbleed. Yeah, a lot of you guys have been hearing about it, so I would like to give the name some meaning for you today, and for those of you who know about it already, I guess you are just going to be adding to your already acquired knowledge.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing of our 'so-called' protected information. Under normal conditions, SSL/TLS protects our information by providing communication security and privacy over the internet for applications such as web, email, instant messaging (IM), and some virtual private networks.

The Heartbleed Bug allows anyone on the internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users, and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.

Unluckily for us, this is not like other bugs that come and go. It has been fixed with the release of a newer version, the same as other bugs, but it leaves a big scar on the internet because it has left a large amount of private keys and other secrets exposed to the internet.

As long as the vulnerable version of OpenSSL is in use, it can be abused. A fixed version of OpenSSL has been released and it has now been deployed. Operating system vendors and distributions, appliance vendors, and independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fixes as they become available for the operating systems, networked appliances and software they use.

Google security researcher Neel Mehta was the first to discover Heartbleed, though it has been found that the Heartbleed flaw has been in OpenSSL for two years. The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on the 14th of March 2012. OpenSSL 1.0.1g, released on the 7th of April 2014, fixes the bug.
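
A quick way to check a version banner against the release range above, as an added example that is not part of the original post. The function names and sample banners are made up here, and the check assumes the banner carries the upstream OpenSSL version number.

```python
import re

# Range taken from the post: the bug shipped in 1.0.1 and is fixed in 1.0.1g.
FIRST_AFFECTED = (1, 0, 1, "")
FIRST_FIXED = (1, 0, 1, "g")

# Upstream OpenSSL versions look like 1.0.1e: three numbers plus optional letters.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d*)?")


def parse_version(banner):
    """Return ((major, minor, fix, letters), is_prerelease) or None."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))
    return version, m.group(5) is not None


def heartbleed_status(banner):
    """Classify a banner as 'affected', 'not affected' or 'unknown'."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    version, is_prerelease = parsed
    if is_prerelease:
        # Beta builds fall outside the release range the post gives.
        return "unknown"
    # Tuples compare field by field, and "" < "a" < ... < "f" < "g".
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not affected"


# Constructed sample banners, in the style printed by `openssl version`.
SAMPLE_BANNERS = [
    "OpenSSL 0.9.8y",
    "OpenSSL 1.0.0l",
    "OpenSSL 1.0.1",
    "OpenSSL 1.0.1e-fips",
    "OpenSSL 1.0.1f",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1",
    "no version here",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(f"{heartbleed_status(banner):12}  {banner}")
```

Distribution packages can carry a backported fix without changing the upstream version letter, so an "affected" result on a packaged build should be confirmed against the vendor's advisory.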

According to Google, all Android versions are immune to the Heartbleed bug except for Jelly Bean 4.1.1. So if what Google says is anything to go by, about 10 million users of the Android OS would be affected.

My heart is currently bleeding from the effect of Heartbleed *winks*. Please guys, let’s try to quickly upgrade our phones’ OS in time.

Please remember to drop your comments and subscribe.