What is heartbleed virus / bug ?

Heartbleed virus / bug :

These days people are much talking about heartbleed virus / bug. Its actually not a virus. Heartbleed is a security bug in openSSL security certificate software. Not to go much into the technical specifications, OpenSSL SSL/TLS is a security protocol used for encryption for the secure internet. It provides the communication security, This is most widely used for online transactions by all most all the top companies and by e-commerce / secure websites.

What can be done with this heartbleed bug?

The persons who have knowledge of openSSL implementation and about this bug esp. hackers can do huge damage to companies who implemented this certificate. heartbleed bug compromises the privates keys and  allows entry to resources without credentials over internet and can steal data on the server like user id, passwords, sensitive information like credit cards etc.. This bug is considered as serious / critical vulnerability. The specialty of this bug is that it allows no track of intruder and no track of  what data is theft.
This bug provides a memory leak that can be connected from client to server and server to client.

heartbleed bug

Why the name heartbleed bug?

OpenSSL's TLS (Transport layer security) has this bug in heartbeat extension (RFC6520). So this bug is named after its heartbleed extension.

How are companies effected?

All most all the companies, vendors, websites and also all the operating systems use OpenSSL certificates for security on their servers. So this bug is a big threat for the resources on the servers. Also, no company knows whether their data is already got theft or safe.

How We / users effected?

All the ids, passwords, photos, videos and sensitive information like credit cards info are all stored on these servers which opted OpenSSL with this bug. So, our data is no more private or secure.

Heartbleed bug fix?

A fixed OpenSSL version has been released and ready for deployment.

But, the online blackhat community says that the bug is not completely fixed. This is terrorizing companies and users that no data is safe online.

What companies should do?

All the companies, software vendors, hosting providers should update their certificate to lated fixed openSLL immediately and notify this to all their users that their data is safe.

What should we /users do?

First thing is to change all your passwords and delete all the sensitive information details like card details stored online and in web mails and instant messengers. If you are technical /developer then you should enquire the web companies and hosting providers whether they are aware of heartbleed bug and implemented the new fixed version of openSSL.

For complete details of heartbleed bug visit http://heartbleed.com/

This is v important so please share this article with your friends to make them aware of this bug and say them to delete all the cards information stored in any website and to change the passwords regularly.

Let me know if you have any comments