While scrolling through my dashboard on Tumblr yesterday, a certain blog post really caught my attention. The message was posted by the Tumblr staff and read:
Bad news. A major vulnerability, known as “Heartbleed,” has been disclosed for the technology that powers encryption across the majority of the internet. That includes Tumblr.
We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue.
But this still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit.
This might be a good day to call in sick and take some time to change your passwords everywhere—especially your high-security services like email, file storage, and banking, which may have been compromised by this bug.
You’ll be hearing more in the news over the coming days. Take care.
I decided to further research what this bug actually is and what it is capable of.
As Tumblr mentioned in their post, Heartbleed allows attackers to gain access to people's important and private information. The bug is considered a very serious problem because researchers believe it has been present for the past two years but was not detected until recently. Codenomicon, a firm based in Finland, helped detect the bug. The firm recently spoke out about the bug and confirmed some of the dangers it poses: “We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication” (The Washington Post).
Heartbleed has especially posed problems for OpenSSL, which is widely used by web server software. An estimated two-thirds of Internet users rely on OpenSSL. OpenSSL is used for email security, virtual private networks and chats.
Experts are advising web users to change their passwords in order to protect their private information.
For me, it’s hard to believe that something like this is even possible. Whenever I am on my email or accessing any type of banking information, I always feel reassured by that little green lock that appears in the corner of my screen. I had no clue that a breach like this could be so powerful and access the most private information.
Bever, L. (2014, April 09). Major bug called ‘Heartbleed’ exposes internet data. Retrieved from http://www.washingtonpost.com/news/morning-mix/wp/2014/04/09/major-bug-called-heartbleed-exposes-data-across-the-internet/
Phillips, J. (2014, April 08). ‘Heart bleed’ bug imperils web encryption; passwords, credit card numbers at risk. Retrieved from http://www.theepochtimes.com/n3/609175-heart-bleed-bug-imperils-web-encryption-putting-passwords-credit-cards-at-risk/
Liedtke, Jesdanun, M. (2014, April 09). Passwords vulnerable after security flaw found. Retrieved from http://www.usatoday.com/story/tech/2014/04/08/passwords-vulnerable-after-security-flaw-found/7486623/