In today’s fast growing world of internet users, one really has to be careful about passwords, credit card’s information being used for online shopping. Such vulnerable security information can be hacked by an attacker at any given point of time. The recent attack of Heartbleed in April 2014, left most of the internet users across the globe speechless as it gained access to user’s confidential data such as login IDs, passwords and credit card information. This was due to one of the encryption program that resides in the server with which we communicate through our respective systems. This program is called OpenSSL. This is part of the encryption program which resides in the server and there is nothing one can do in such kind of attacks as it is the sole responsibility of the server owners to upgrade their softwares and security measures to remediate this security threat. Heartbleed bug makes one’s data vulnerable to the group of hackers and thus gain access to user’s email, messaging archives etc. making this attack a massive one.
OpenSSL is being used in approximately two-thirds of servers across the globe. We all were prone to this attack as the group of hackers had been scanning for servers that were using the OpenSSL program to communicate the user’s confidential data since long time. Heartbleed attack allowed the hackers to retrieve a block of memory by sending so called malicious ‘heartbeats’ as a response and surprisingly there are no restriction on the number of times of one can send these heartbeats to retrieve the memory. A heartbeat assures the server that the client is still online and communicating. It was a clean way to retrieve the vital info from the server without leaving any evidences. Most of our online programs were victims of this Heartbleed attack as it attacked tons of websites, emails, and also the instant messaging applications. This attack cannot be ignored as a trivial attack as IP phones, routers, medical devices, smart TV sets and embedded devices are also prone to this attack as these devices also use the OpenSSL technology for secure communication. In case if the website is vulnerable, one has to change the password and this is the least step one can take to make sure none of the critical information is being compromised.
This attack was fixed by the website operators by upgrading their vulnerable OpenSSL version to secured version, but this upgrade and fix for some complicated systems and servers is not an easy job and may consume some more time. As far as the attack in 2014 is concerned, the operators took necessary steps against this attack but the cyber security officials need to be on toe as the exploitation of this bug is still in progress.