Recently the technological world has been up in arms over the new discovery of an incredibly damaging bug when found in the wrong hands, widely known by its nickname ‘Heartbleed’. The name derives from the origins of the bug, which was found in the OpenSSL’s implementation of the TLD/DTLS heartbeat extension. Officially the Heartbleed bug is known as CVE-2014-0160 but because of its presence in the heartbeat extension it is known as heartbleed, because of its function.
How was it found?
Heartbleed was in fact found by accident by a team of security engineers at Codenomicon working for Google Security. They were performing a routine test while developing a product known as Safeguard, where they would pretend to be hackers and would try to attack the Safeguard system to determine whether there were any flaws in the coding.
They discovered they could break through to access seemingly secure information without leaving any trace behind. This is how they found the bug that would eventually be known as Heartbleed.
What does the bug do?
True to its name the bug acts as a leak, and when exploited for nefarious means allows the leak of memory contents from the server to the client and from the client to the server, meaning that any websites or servers that are at risk may be exposing the entire contents of their servers to the internet, ripe for the picking.
What does this mean?
Many servers using OpenSSL could be at risk depending on the version they are using. Larger social media networks such as Facebook, Tumblr, and Instagram have been found to have been at risk, and this could mean the exposure of personal data to the wider web. Facebook in particular can store immense amounts of data on personal users, including their home address and their habits and interests, which can make it much easier for fraud to occur should attackers decide to target them.
Businesses using social media and other shared servers that use OpenSSL could also be extremely at risk, particularly if handling sensitive data. The bug basically allows anyone with the knowledge full access to the data and files located within the server, and can leave no trace of what it has taken or copied.
What is important to remember is that Heartbleed is not a virus, it is a bug. A virus is a malignant program that is normally created on purpose by individuals wishing to harm your computer or your data in some way. However a bug is something that occurs accidentally, normally a fault or error within the code of a programme or system that produces incorrect or unexpected results. In the case of heartbleed, the unexpected results were the free exchange of data that posed a serious security risk, and as such needed to be fixed as soon as possible.
If you fear your data may be at risk or you may have already had some secure data compromised, it is recommended that you change your passwords for the programs deemed at most high risk. Failing that you can always seek advice from a professional IT Support consultant.
Mike James is a freelance writer and tech geek from Sussex, UK. In his spare time he combines his interests to write for Technology Means Business, TMB, an IT support provider with offices in Hampshire, Essex and Kent.