The Heartbleed Bug is an OpenSSL vulnerability that would allow malicious hackers to steal information from websites that would normally be protected by the SSL/TLS encryption. The open source OpenSSL cryptography library is used to implement the Internet's Transport Layer Security (TLS) protocol.
Named by the researchers who discovered the security flaw, the Heartbleed Bug theoretically lets anyone on the Internet access a secure Web server running certain versions of OpenSSL to obtain site encryption keys, user passwords and site content.
According to the official Heartbleed Bug website, OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable while OpenSSL version 1.0.1g patches the security flaw.
Heartbleed Flaw Creation and Bug Discovery
The Heartbleed bug was initially discovered by Google engineer Neel Mehta and the Finnish security firm Codenomicon. The security flaw was introduced in the open source OpenSSL encryption protocol by German software developer Robin Seggelmann. Since the flaw has become widely known, Seggelmann has said the bug was inadvertently missed by himself and another code reviewer and the bug was not inserted maliciously, despite online conspiracy theories concerning Heartbleed, such as NSA using the Heartbleed bug to spy.
The Heartbleed Bug in the News
Heartbleed Bug Rumors
RCMP asked Revenue Canada to delay news of SIN thefts
Heartbleed bug bites millions of Android phones
Heartbleed bug: What’s affected and what passwords you need to change
Tests confirm Heartbleed bug can expose server's private key
There are few documented cases of attacks exploiting the Heartbleed bug, but security experts warn that using the bug would leave no trace and all websites using the affected OpenSSL versions should be considered compromised.
While many large sites, including Google, Facebook and others were quick to note services were "safe" from Heartbleed, the public announcement on April 8, 2014 seems to have prompted attacks. The Canada Revenue Agency (CRA) shut down it public online services to patch for the flaw but before the fix was implemented the CRA said 900 social insurance numbers were stolen from CRA computers by persons exploiting the Heartbleed bug.
In another reported attack, UK-based parenting website, Mumsnet, also claims to have experienced a breach where the infiltrator claimed to have used Heartbleed to access an account. The site provided some details to its users along with instructions on how to reset site passwords.
Heartbleed: Beyond the Internet
The Heartbleed bug extends beyond the Internet. For example, mobile devices running the 4.1.1 Android operating system (released in 2012) have the Heartbleed software bug. All other versions are immune to the flaw, but this leaves millions of smartphones and tablets vulnerable. In addition, operating systems, including Debian Wheezy (stable), Ubuntu 12.04.4 LTS, CentOS 6.5, OpenBSD 5.3 and OpenSUSE 12.2 are versions that have shipped with a vulnerable OpenSSL version (see full list).
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...
Stay up to date on the latest developments in Internet terminology with a free newsletter from Webopedia. Join to subscribe now.
From A3 to ZZZ this guide lists 1,500 text message and online chat abbreviations to help you translate and understand today's texting lingo. Read More »Top Cloud Computing Facts
The following facts and statistics capture the changing landscape of cloud computing and how service providers and customers are keeping up with... Read More »
Java is a high-level programming language. This guide describes the basics of Java, providing an overview of syntax, variables, data types and... Read More »Java Basics, Part 2
This second Study Guide describes the basics of Java, providing an overview of operators, modifiers and control Structures. Read More »Network Fundamentals Study Guide
Networking fundamentals teaches the building blocks of modern network design. Learn different types of networks, concepts, architecture and... Read More »