Welcome to TechDiscussion Forums


Your one stop community for Technical Assistance


  •  » Need latest Tech Updates?
  •  » Looking for Windows Troubleshooting?
  •  » Want some optimization Tips for Smartphone?
  •  » Or any other Technology discussion?

...You have come to the right place!


we will try to help you with your problem.


YES! I want to register an account for free right now!


p.s.: For registered members TechDiscussion.in is free of ads

Results 1 to 3 of 3

Thread: All about Heartbleed bug and its Infection

  1. #1
    Respected Members TD Tech's Avatar
    Join Date
    Nov 2011
    Posts
    391

    All about Heartbleed bug and its Infection

    Heartbleed bug is the latest security threat that affects about 500,000 Web sites around the globe. What it is ? Where it came from ? What it does ? Is my site Safe ? This are the common question that run into your mind when you read the first line. I am going to give you as much detail possible in a more precise and simple way. So that even a layman can understand and figure out whether he/she land in the infected zone or not.

    Hearbleed is not actually a virus/worm/malware but it is a vulnerability. It is a feature of Open SSL. Whenever you open a website like your banking site, the site will respond your pc back showing that it is active. This is heartbeat. And this is also a security hole or exploit. And this is in OpenSSL cryptographic software library. It is open source. This exploit let a hacker to enter into the memory of a data server. Server means your hosting providers, mail service provider, search engines, banking sites etc. They can access the m memory and get vital information from that. Any website who uses SSL can fell prey. User information, password, bank details, credit card details, etc are at risk.


    That's not all it does. Hackers can take benefit of this exploit and also access digital keys. This keys are stored in server and are used as a identification to commnicate between large enterprise. This means a outsider can now access important company information. This all things are at risk. Before this exploit was discovered Open SSL is considered as secure.

    The bug does not means every hacker in the world knows about it. It was discovered by a security firm and then a news is displayed around globe indirectly informing everyone. One thing this security firms must do is secretly pass on information to take necessary steps. In this way if every exploit shows up, then this will keep on triggering new problems.

    •   Alt Ads!

      TechDiscussion
       

  2. #2
    Respected Members TD Tech's Avatar
    Join Date
    Nov 2011
    Posts
    391

    Re: All about Heartbleed bug and its Infection

    SSL or Secure Sockets Layer is a kind of protocol which used for encrypting information. That means locking it. So this is a kind of protecting stuff. For example if you open your Gmail account you can see the url http turns to https. Whenever there is a https then it means that site or server is using SSL. It is implemented around the web and many sites are using it. There are banking sites, government sites, etc who are using SSL. This vulnerability is detected in version between 1.0.1 to 1.0.1f. The bug keeps a connection open that can help hackers to pull out data. This connection just remain constantly open. Your site might be not affected.

    There is a reason for that. Your server will be using some other SSL/TLS solution. And some old website also stay out of this. Manipulation of this exploit can result in serious damage. So it is very important for all institutions to take care of this. A hacker can access a part of server memory again and again to draw to maximum information. It requires special skills. Not all hackers can do it. This needs a really expert mind and lots of patience. Once the hackers as the SSL key which is used to encrypt traffic the hacker as the front door key to your confidential information. The hacker can use the key to generate fake websites and get more details. I think banking institution will be responsible for any user loss if they had not updated their server after news about Heartbleed is out.

  3. #3
    Respected Members TD Tech's Avatar
    Join Date
    Nov 2011
    Posts
    391

    Re: All about Heartbleed bug and its Infection

    To stay on the safer side you can go online and there are few Heartbeat testers. Scan your site or system through that. For android also there is a Hearbleed scanner available which can be downloaded from here. Download and test whether this bug is still active in your device. Precaution is always better than cure. You can also find the list of vulnerable websites online. So that you can skip visiting them. Just click on this link https://zmap.io/heartbleed/ to get a updated health report. You can get the list of sites which are vulnerable.

    There is no way to stop it. The vulnerability is available in Open SSL and it can be exploited. The fix is yet not provided. If you found that your site or system or device has this bug the first thing you must do is change your password. Try to use a more powerful one. You can contact your bank or company site and ask them for measure to be taken to keep your data/account safe.

Similar Threads

  1. How to fix Heartbleed Bug on Android devices
    By Affleck in forum Smartphone & Portable Fixes
    Replies: 3
    Last Post: 16-04-14, 10:00 AM
  2. How to find out if Phone is affected with Heartbleed
    By AntiSec in forum Smartphone & Portable Fixes
    Replies: 3
    Last Post: 15-04-14, 05:22 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


About TechDiscussion

    TechDiscussion.in is an Open Source Community to provide latest information from Technology World, provide instant help for users tech related issues, we provide free downloads for your Computers, Smartphones, and more...

Follow us on

Twitter Facebook youtube RSS Feed Flickr DavianArt Dribbble