So, have you been buried under the pile of news about the OpenSSL security loophole named “Heartbleed”? Almost certainly yes: so much has been happening since the news reached not only millions of websites but millions of people. Heartbleed has become a source of paranoia for almost every active internet user, which is to say the majority of the population. While reading about this vulnerability online and discussing the major points of this “BUG” with others, I came across many myths that people hold, and because of them people are scared to death of being exposed on the internet. So let me lay out the reality behind each paranoia that people keep passing on.
HeartBleed Paranoia #1: Heartbleed is a virus
As mentioned above, it is just a security bug, i.e. an OpenSSL bug, and not a virus. It is simply a coding error in the encryption protocol used by various sites. OpenSSL is supposed to provide the security when a site's address uses “HTTPS” instead of “HTTP”. So it is indeed a bug: an error that was left open and that could expose the confidential data of any user once logged in.
HeartBleed Paranoia #2: Only websites are affected
Well, there is no doubt that servers and routers became vulnerable to huge data leaks, leading to security breaches in those systems. But they were not the only targets: the clients that communicate over this massive web through devices like phones and laptops were equally exposed to a form of this bug known as “Reverse Heartbleed”. This means that the data stored in the device’s memory card can be grabbed easily by this bug.
“Typically on the client, the memory is allocated just to that process that’s running. So you don’t necessarily get access to all the processes,” asserted David Chartier, CEO of Codenomicon, the co-discoverer of Heartbleed. He added: “But you can still leak contents of emails, documents and logins.”
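The coding error and Chartier's point about process memory, as a simplified model that compares a flawed echo routine with a corrected one. This is an added example, not OpenSSL's code and not from the original article; the message layout, `struct arena`, the function names and the sample data are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR 3  /* 1-byte type + 2-byte length claimed by the sender */

/* Constructed stand-in for one process's memory: the received message
   sits next to unrelated data that belongs to the same process. */
struct arena {
    uint8_t msg[8];        /* bytes actually received */
    char    neighbour[24]; /* e.g. a login held by the same process */
};

/* Constructed sample: a 4-byte payload "ping" with an arbitrary claimed length. */
struct arena make_sample(uint16_t claimed) {
    struct arena a;
    memset(&a, 0, sizeof a);
    a.msg[0] = 1;
    a.msg[1] = (uint8_t)(claimed >> 8);
    a.msg[2] = (uint8_t)(claimed & 0xff);
    memcpy(a.msg + HDR, "ping", 4);
    strcpy(a.neighbour, "user=alice;pw=EXAMPLE");
    return a;
}

/* Flawed echo: copies as many bytes as the message claims to carry. */
size_t echo_unchecked(const struct arena *a, size_t received, uint8_t *out) {
    const uint8_t *p = (const uint8_t *)a;
    size_t claimed = ((size_t)p[1] << 8) | p[2];
    (void)received;                     /* never consulted: this is the bug */
    if (claimed > sizeof *a - HDR) claimed = sizeof *a - HDR; /* demo stays inside the arena */
    memcpy(out, p + HDR, claimed);
    return claimed;
}

/* Corrected echo: discard any message whose claim exceeds what arrived. */
size_t echo_checked(const struct arena *a, size_t received, uint8_t *out) {
    const uint8_t *p = (const uint8_t *)a;
    if (received < HDR) return 0;
    size_t claimed = ((size_t)p[1] << 8) | p[2];
    if (claimed > received - HDR) return 0;
    memcpy(out, p + HDR, claimed);
    return claimed;
}

int main(void) {
    struct arena a = make_sample(64);   /* claims 64 bytes, carries 4 */
    uint8_t out[sizeof a];
    printf("unchecked echoed %zu bytes, checked echoed %zu\n",
           echo_unchecked(&a, 7, out), echo_checked(&a, 7, out));
    return 0;
}
```

The unchecked routine hands back the neighbouring login along with the payload, but nothing from outside the arena, which mirrors the limit Chartier describes.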
HeartBleed Paranoia #3: Hackers can easily peep inside your belongings
Well, it is only natural for a layman to think that an error like this gives hackers a great many openings. But that is not the case with Heartbleed. Though it is one of the most irresponsible bugs a coder could ever make, it is not so handy for hackers. Heartbleed cannot be used directly to take control of your smartphone or other devices. It is assumed that if Heartbleed could have tunneled into a mobile OS like iOS or Android, then Android 4.1.1 might have been the exception. But in reality iOS and Android are unaffected. BlackBerry said that BBM for Android and iOS is indeed vulnerable to Heartbleed. Though it won’t be able to peer into the phone’s memory, it will easily be able to expose unsecured chats. BBM is currently about to launch an update to fight the bleed.
HeartBleed Paranoia #4: Windows XP was shut down due to this Bug
Well, we all know that Microsoft recently shut down Windows XP, and that is a mere coincidence. In fact, security at Microsoft is a completely different domain from that of regular internet users, because Microsoft has its own security, i.e. an encryption method known as Secure Channel, or SChannel. So there is no room for Microsoft to be susceptible to Heartbleed. But Windows Azure users who run Linux in Microsoft’s cloud service are the exception, because the cloud service relies on OpenSSL. Microsoft urged those users to contact their distributors for updates. And yes, of course, there is a piece of relief for Apple users: Mac OS X is not vulnerable to Heartbleed.
HeartBleed Paranoia #5: Banks are also the victim of HeartBleed
Totally a hyped statement, isn’t it? I know that when this bug named Heartbleed was announced across every media outlet, people rushed to their banks to ask whether their accounts, and especially their money and other investments, were safe. With a security flaw this serious it is natural to panic, but there is no cause for worry. This bug cannot enter your vaults and open them virtually. So there are no glitches with the banks either. Relax and enjoy the day; your money is safe and sound.
On this, the Federal Financial Institutions Examination Council (FFIEC) noted: “financial institutions to incorporate patches on systems and services, applications, and appliances using OpenSSL and upgrade systems as soon as possible to address the vulnerability.”