Jagran Josh Logo

Heartbleed: A new security threat

Apr 11, 2014 14:14 IST

Heartbleed is a new security threat which adversely impacts the online safety of internet users worldwide. This threat can result into compromising of confidential information. This problem is limited to OpenSSL, a variant of SSL/TLS, but OpenSSL software is used by a large no. of websites.

This threat is believed to be a result of a programming error in OpenSSL software by Robin Seggelmann a German Software developer. About two years ago, he submitted new features of OpenSSL while working on its update. In one of the features, he forgot to validate a variable containing length and so did his coworkers. This essentially means that an opening is created in SSL/TLS, an encryption technology marked by the small, closed padlock and https: on Web browsers to show that traffic is secure.  Another worry of the security experts is that this error had been unnoticed since past two years.

Impact

• This error makes it possible to snoop on Internet traffic even if the padlock is closed.
• Secured keys which are used for deciphering the confidential data can be accessed without the knowledge of owners.
• This can result into of compromising of emails, commerce applications and instant messages and other encrypted information.
• Anonymous persons can snoop information from computer server and steal information.

image
Remedial Measures
Though a new fixed version of OpenSSL has been released but now the individual website administrators are required to use this version and make required changes. On an individual level, one needs to change passwords, but the websites which are being used needs to implement the newer fixed version.

5 Tools which can help in securing online data
Tor Browser
It encrypts total network traffic of your computer and help in browsing online anonymously.
B1 Archiver
It helps in archiving and making the data password protected. Thus, it facilitates in sending confidential information in a routine manner.
OpenPuff
This tool uses steganography to merge your data in a multimedia files. The receiver needs to use file password (shared by the sender) to read the file.
CryptoCat
This tool is helpful in securing online chatting.
TrueCrypt
This tool helps in creating hidden volumes and encrypting hard drives.

Instagram, Tumblr, Google, Yahoo, Gmail, Yahoo mail, Amazon web services and GoDaddy were some of the major service providers.

Is this article important for exams ? Yes41 People Agreed
Read more Current Affairs on: Heartbleed , SSL/TLS , OpenSSL , Robin Seggelmann

Latest Videos

Register to get FREE updates

    All Fields Mandatory
  • (Ex:9123456789)
  • Please Select Your Interest
  • Please specify

  • ajax-loader
  • A verifcation code has been sent to
    your mobile number

    Please enter the verification code below

Newsletter Signup
Follow us on
This website uses cookie or similar technologies, to enhance your browsing experience and provide personalised recommendations. By continuing to use our website, you agree to our Privacy Policy and Cookie Policy. OK