Heartbleed Bug Leaves Millions Vulnerable

Heartbleed bug symbol.

A recently discovered bug found in many Web sites has allowed individuals to obtain SSL/TLS encryption keys, giving unwanted guests access to confidential information stored by those sites.

Dubbed the Heartbleed bug, it is considered to be one of the largest of all time and has left millions at risk.

The name of the bug comes from the way it is exploited: individuals access secure encryption keys through a flaw in the heartbeat extension of the transport protocols used by many sites.

The ability for hackers to access encryption information is troubling because it allows for confidential user information to be accessed. This confidential information ranges from user passwords to private communications amongst individuals.

While it is common for Internet bugs to be reported and exploited, Heartbleed is different from the norm. What makes Heartbleed unique is that it has been left open for exploitation for an extended period of time, spanning many years.

The exploit also cannot be detected by Web sites, so there is no estimate of how often, or whether, the exploit has been used by malicious individuals.

What this bug presents to the internet is a stealthy method to obtain the most confidential of user material without a single trace of abnormal account activity.

The question many have now is which Web sites have been affected and whether users should change their passwords. It should be noted, though, that not all sites using OpenSSL were affected by the bug, only those of a certain degree.

Web sites that have already reported fixing the vulnerability include Instagram, Tumblr, Google, and Yahoo. This means that users who have Google or Yahoo! accounts should change their passwords, including Gmail users.

Facebook has reported they are unsure if they were vulnerable to the bug but highly recommend that users change their account passwords to be safe.

What also remains unclear at this time is whether any of these vulnerable sites were actually exploited by hackers. Since the bug leaves no trace or anomaly on the Web site, there is no clear-cut way to tell if people have had their information stolen.

Saint Xavier students are in a unique situation because all of them have a Gmail account for their school email. The Heartbleed vulnerability can cause trouble for many students, since Google’s services were found to be vulnerable to the bug.

While Google has released a statement saying that they had caught the bug early and users do not need to change their passwords, network security analyst Juan Munoz stated, “You can never be too safe with changing your password for sites, no matter if a vulnerability has been detected.”

Munoz also stated that most companies and Web sites today use individuals deemed “blackhats” to help search for exploits in online infrastructure, but the cost and time involved is substantial.

“New exploits are found every day and it’s difficult for companies to keep up, since they have to consistently release updates to patch them,” stated Mr. Munoz when discussing the challenges in actively stopping exploits from being used to obtain private user information.

The best step now for students at Saint Xavier would be to play it safe and change their passwords for most of their online accounts.

Students can also find more information by searching for more extensive lists of the Web sites that have been exposed by the bug.

While it is still too early to tell how many people, if any, have been affected, the Heartbleed bug shows yet again that security on the Internet is not always foolproof.

Jake Alleruzzo

News Correspondent