The Heartbleed vulnerability is a programming error in the OpenSSL cryptographic library. The bug enables an attacker to acquire sensitive information, including usernames, passwords and secret encryption keys. The Heartbleed vulnerability can be exploited without any user interaction, and private data can be acquired in chunks of 64 KB at a time. Officially, Heartbleed is named CVE-2014-0160. Affected versions include OpenSSL versions 1.0.1 to 1.0.1f and 1.0.2-beta. The Heartbleed bug is unique because it is easy to exploit and leaves no trace.
The Heartbleed vulnerability involves the Heartbeat extension. Affected users should upgrade to OpenSSL 1.0.1g.
OpenSSL is used by various Internet services, including email service providers and forums. The OpenSSL Project was founded in 1998 in order to create encryption tools, which are known to be used by two-thirds of web servers. OpenSSL is used to protect governmental websites, commercial websites, software distribution websites, and the like. It has been estimated that there are about 1.4 million vulnerable web servers. Service providers should fix the bug with the Heartbleed patch and encourage users to change their passwords. The password should be changed only when the fix is implemented. If you have a Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Etsy, GoDaddy, Flickr, Minecraft, Netflix, SoundCloud, or a YouTube account, you should change your login password. It is not clear whether Facebook has been affected because no suspicious activities have been detected; nevertheless, it is advisable to update your passwords in order to prevent data leaks.
As regards mobile operating systems, Apple iOS and Microsoft Phone do not incorporate OpenSSL, whereas BlackBerry reports that BlackBerry phones are not affected. As for Android, it has been reported that Android 4.1.1 is affected.
It is highly advisable to change account passwords periodically and to use complex passwords. According to Microsoft, Microsoft Account, Office 365, Yammer, Microsoft Azure and Skype are not affected by the Heartbleed vulnerability.
The Heartbleed issue is claimed to have been known to the U.S. National Security Agency, which denies this claim. Reportedly, the NSA does not comment on the report about the vulnerability and denies the allegations of being aware of the vulnerability.
Heartbleed is regarded as one of the biggest glitches in the Internet’s history. For example, the Canadian government was prompted to suspend electronic tax filing.