How to Protect Yourself From the Heartbleed Bug or Attack
Have you heard of the Heartbleed bug? If not, this article is for you. It is a very new bug on the Internet that can expose everything about a user or website. The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. Read on for how it works and how to protect yourself.
How Does It Work?
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
Why Is It Called the Heartbleed Bug?
The bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited, it leads to the leak of memory contents from the server to the client and from the client to the server.
How to Check Whether Your Sites Are Vulnerable?
1.) First of all, check each of the sites you use every day for the Heartbleed bug using http://filippo.io/Heartbleed/, and if you're given a red flag, avoid the site for now.
2.) LastPass also created a Web app that will tell you what kind of encryption a site uses, and when the encryption was last updated.
3.) Provensec also created a scanner at http://provensec.com/heartbleed/
4.) GlobalSign SSL Configuration Checker.
STEPS TO PROTECT YOURSELF FROM HEARTBLEED
- First, change your passwords. ALL of them. This article from Mashable will get you started.
- As long as you’re changing passwords, use this opportunity to start using different passwords for every site. It’s really easy with LastPass, which has a terrific free version. A password utility like this will securely generate, store, and enter passwords for you. Once you’ve used it for a week, you won’t want to go back to memorizing all of your passwords or using the same password on multiple sites (Heartbleed shows just how dangerous that can be).
- Never reuse the same password again in the future.
- OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta1 are vulnerable, and the flaw is fixed in OpenSSL 1.0.1g. If you haven't yet, please update any systems that use OpenSSL for TLS-encrypted communications.
- It is good to use two-factor authentication, which means that, along with the password, the account requires a freshly generated passcode that shows up only on your personal smartphone before you can get into certain websites for financial transactions.
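The version range in the list above can be checked mechanically. The following Python is an added example, not part of the original article: the function names, status labels and sample strings are made up for illustration, and it only compares a version string against the range quoted above.

```python
import re
import shutil
import ssl
import subprocess

# Affected range quoted in the article: 1.0.1 through 1.0.1f, and 1.0.2-beta1.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?")

def heartbleed_status(version_text):
    """Classify an OpenSSL version string against the article's affected range."""
    m = _VERSION_RE.search(version_text)
    if m is None:
        return "unknown"
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if beta is not None:
        # The article names a single pre-release; others are left undecided.
        return "vulnerable" if (release, beta) == ((1, 0, 2), "beta1") else "unknown"
    # Patch letters run a..z, then za, zb, ...; string order matches release
    # order, and "" (plain 1.0.1) sorts before "a".
    if release == (1, 0, 1) and letter <= "f":
        return "vulnerable"
    return "not_affected"

def local_versions():
    """Version strings visible on this host (hypothetical helper)."""
    found = {"python ssl module": ssl.OPENSSL_VERSION}
    cli = shutil.which("openssl")
    if cli:
        run = subprocess.run([cli, "version"], capture_output=True, text=True, timeout=5)
        found["openssl CLI"] = run.stdout.strip()
    return found

# Constructed sample strings in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "OpenSSL 0.9.8za 5 Jun 2014",
]

if __name__ == "__main__":
    for text in SAMPLES + list(local_versions().values()):
        print(f"{heartbleed_status(text):12}  {text}")
```

A version string is only a first check: distribution packages that backport the fix usually keep the old upstream version string, so a "vulnerable" result on a packaged build should be confirmed against the vendor's advisory.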
That’s it! Enjoy and be safe. Any comments are welcome below.