Heartbleed is a new security threat which adversely impacts the online safety of internet users worldwide. This threat can result into compromising of confidential information. This problem is limited to OpenSSL, a variant of SSL/TLS, but OpenSSL software is used by a large no. of websites.
This threat is believed to be a result of a programming error in OpenSSL software by Robin Seggelmann a German Software developer. About two years ago, he submitted new features of OpenSSL while working on its update. In one of the features, he forgot to validate a variable containing length and so did his coworkers. This essentially means that an opening is created in SSL/TLS, an encryption technology marked by the small, closed padlock and https: on Web browsers to show that traffic is secure. Another worry of the security experts is that this error had been unnoticed since past two years.
• This error makes it possible to snoop on Internet traffic even if the padlock is closed.
• Secured keys which are used for deciphering the confidential data can be accessed without the knowledge of owners.
• This can result into of compromising of emails, commerce applications and instant messages and other encrypted information.
• Anonymous persons can snoop information from computer server and steal information.
Though a new fixed version of OpenSSL has been released but now the individual website administrators are required to use this version and make required changes. On an individual level, one needs to change passwords, but the websites which are being used needs to implement the newer fixed version.
5 Tools which can help in securing online data
• Tor Browser
It encrypts total network traffic of your computer and help in browsing online anonymously.
• B1 Archiver
It helps in archiving and making the data password protected. Thus, it facilitates in sending confidential information in a routine manner.
This tool uses steganography to merge your data in a multimedia files. The receiver needs to use file password (shared by the sender) to read the file.
This tool is helpful in securing online chatting.
This tool helps in creating hidden volumes and encrypting hard drives.
Instagram, Tumblr, Google, Yahoo, Gmail, Yahoo mail, Amazon web services and GoDaddy were some of the major service providers.