I just
thought it might be useful for you to know about Heartbleed bug. This is something to do with OpenSSL
cryptographic library, which is used by roughly two-thirds of all websites on
the Internet. Here is some thoughts about it.
What is the Heartbleed Bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the
Internet to read the memory of the systems protected by the vulnerable versions
of the OpenSSL software. This compromises the secret keys used to identify the
service providers and to encrypt the traffic, the names and passwords of the
users and the actual content. This allows attackers to eavesdrop on
communications, steal data directly from the services and users and to
impersonate services and users.
Am I
affected by the bug?
You are
likely to be affected either directly or indirectly. OpenSSL is the most
popular open source cryptographic library and TLS (transport layer security)
implementation used to encrypt traffic on the Internet. Your popular social
site, your company's site, commerce site, hobby site, site you install software
from or even sites run by your government might be using vulnerable OpenSSL.
Many of
online services use TLS to both to identify themselves to you and to protect
your privacy and transactions. You might have networked appliances with logins
secured by this buggy implementation of the TLS. Furthermore you might have
client side software on your computer that could expose the data from your
computer if you connect to compromised services.
Learn
more about this, https://lastpass.com/heartbleed/
