Month: April 2014

Heartbleed Bug

natwells Leave a comment

hb
How did it happened?
  • Heartbleed bug is a buffer underflow-attack in OpenSSL. This version of OpenSSL view data as 64K, it reread the data over and over again, and keep sending the user 64K of what it’s thinking. This is very dangerous because in 64K of data, it might include the personal and private data of the user  inside.
Who got the effected?
  • Smartphone and tablets running version 4.1.1 of Android were in danger and couldn’t defend to these attacks. However, Microsoft’s and Apple’s system are still safe from these attacks. Beside this, some popular website such as Yahoo, Facebook, and Google are also affected by this attack.
What was the damage?
  • The hackers are able to steal the information from the remote server memory, not only that, they were allow to have many chances in keep trying to retrieve the information. Therefore, people who still kept their personal information such as username, passwords, credit card numbers, etc. in the memory when the hackers begin yo attack, are likely to have a high chance of being attacked.
How to prevent it or recover from it?
  • Do not log into accounts from afflicted sites until you’re sure that the company has heartbleed-lockpatched the program.
  • Change passwords of sensitive accounts (such as banks, emails) once you have got confirmation of a security patch.
  • Be aware and always check the bank account. This is very important because there is high chance that the attackers would be access to user’s credit card information. Therefore, if you don’t want to lose your money in your bank account, then you need to be careful and constantly checking it.
What did you learn from it?
  • By knowing the Heartbleed Bug, it helps us to be more careful and be aware from the 
    attackers. It also remind us to check t=our important account co
    nstantly, and also change the password of sensitive accounts suchas bank account or email.It’s always better to prevent and keep ourselves safe than wait till the attackers to attack and have to regret later.

Citation

  • ANDRADE, JOSE. “​What Is Heartbleed, Anyway?” Engadget. Engadget, 12 Apr. 2014. Web. 22 Apr. 2014.
  • – Lyne, James. “How Heartbleed Happened, The NSA And Proof Heartbleed Can Do Real Damage.” Forbes. Forbes Magazine, 14 Apr. 2014. Web. 23 Apr. 2014.
  •  Wagenseil, Paul. “Heartbleed: Who Was Affected, What to Do Now.” Tom’s Guide. TechMedia Network, 9 Apr. 2014. Web. 24 Apr. 2014.
  • Nieva, Richard. “How to Protect Yourself from the ‘Heartbleed’ Bug – CNET.”CNET. Cnet, 08 Apr. 2014. Web. 22 Apr. 2014.