How Heartbleed Bug Works

Leave a Comment



You might be reading about Heartbleed these days on Internet, in newspapers as it becomes the very popular word these days .


how heartbleed bug works


What is Heartbleed ?


Well, Heartbleed is the Bug. In simple words if I say then, it's a Security Vulnerability in OpenSSL Software that allows/let the hackers access the memory of the Data Servers and this simply means that it allows Hackers to steal your data. Now, your data is no more safe.

An Estimate has been came from NetCraft, that about 500,000 websites could be affected. That means the user's personal data on the Cloud/Server which includes there website, Username, Password, Credit Card Number etc everything is Potentially at Risk.

The Vulnerability also means Attacker/Hacker can or could steal the Server's Digital Keys that are used to encrypt Communications and get access to the company's Credential Documents.

You might be thinking for OpenSSL. So, SSL Stands for Secure Socket Layer which is sometimes also known as Transport Layer Security ( TLS ) . OpenSSL's basic task is to Encrypt the Information on the Web. 

Ultimately, OpenSSL is Open-Source Software for Implementing the Secure Socket Layer on the Web. There are Different Version of vulnerability are available for OpenSSL like 1.0.1 through 1.0.1f. You can read more about OpenSLL HERE !

Now, you might be thinking is Hearbleed is Really dangerous. Yes it is !

Recently, I got the Mails from the Massive Sites available on the Internet about Heartbleed and they asked me to Quickly change my Password and make it Strong.

how heartbleed bug works


how heartbleed bug works

Above I have Kept 2 Snap shot of my mail that i got from the Pinterest and tumblr . I guess we Shouldn't need to talk about there Popularity. But the thing is you can see because of Heartbleed they've asked to Change the Password Immediately.

Must Read :- [Exclusive] How To Hack whatsapp

Why it is Called Heartbleed Bug ?


Well, this is Because this bug is in the OpenSSL's Implementation of the TLS i.e Transport Layer Security HEARTBEAT extension RFC6520. When it is Used it Leads to Leak of Memory from Server to Client and Vice-Versa.

The another Reason it fit to Call " Heartbleed " because " It Bleeds out the Important Information from the Memory " .


Does all the Sites on Web are Affected ?


No, not all the sites on the web are affected because Although OpenSSL is very Popular then also there are other option available for SSL/TLS. As well, some Websites hasn't Upgraded the Latest Version. They Still Uses the earlier Unaffected Version and some didn't enable the HEARTBEAT Feature which was Central to the Vulnerability.


How Does the Heartbleed Bug Work ?


Well, the Vulnerability allows the Hacker to access upto 64 Kilobytes of Server Memory at a time, but they can Perform this attack many times again and again to get lots of Information. So, they won't just Steal your Username and Password But also " Cookie " Data that Web Servers and Browser use to track Individuals and  Ease Login.

By performing this attack repeatedly the attacker can get the site's Private SSL Key, Which is used to Encrypt the Traffic. With that Private Key one can Run the Fake Version of Website which will be Disastrous. If this happens then they can easily Steal your Private Information like Credit Card's details, Private Messages Everything !

You might be thinking Whether to change the Password and make it Strong or Not. Well, the answer is Yes, you Should. But, only after  the Confirmation from the Website that whether they've Fixed the Bug or Not. Because if the Bug hasn't been Fixed and though you are Changing your Password is Something like giving New Password to the Hacker's. So, simply if the Bug is not been Fixed Changing Password is Useless thing.

Many website are Still working on this Bug and some have already fixed it like Google, Facebook, Pinterest etc and they are contacting/Informing there user via Mails or some Other Medium to change the Password. 





0 comments:

Post a Comment