Thursday, August 28, 2014 | Updated at 1:11 AM ET

LATEST NEWS

OpenSSL Heartbleed Computer Virus Fix and Security: How to Protect Yourself from the Latest Internet Bug

  • Print
  • E-mail
First Posted: Apr 10, 2014 01:54 PM EDT
Heartbleed
(Photo : Wikimedia Commons)

The Heartbleed virus is the latest in a series of viruses that steal all of your personal information, and its widespread enough that it can be considered an epidemic. In this day and age, a computer virus is just as annoying as a biological virus. So, what is it, and what can you do to protect yourself from it? 

The Heartbleed bug is a bug in the open-source cryptography library, OpenSSL, which allows an attacker to read the memory of a server or a client, allowing them to retrieve, for example, a server's SSL private keys. Examinations of audit logs appear to show that some attackers may have exploited the flaw for 5 months before it was rediscovered and published. On April 7, 2014, it was announced that OpenSSL 1.0.2-beta, as well as all versions of OpenSSL in the 1.0.1 series prior to 1.0.1g had a severe memory handling bug in their implementation of the TLS Heartbeat Extension. This defect could be used to reveal up to 64 kilobytes of the application's memory with every heartbeat. Its CVE number is CVE-2014-0160.

The bug is exercised by sending a malformed heartbeat request to the server in order to elicit the server's memory response. Due to a lack of bounds checking, the affected versions of OpenSSL never verified that the heartbeat request was valid, allowing attackers to bring about inappropriate server responses.

Share This Story

Like Us on Facebook

The vulnerability has existed since Dec. 31, 2011, and the vulnerable code has been in widespread use since the release of OpenSSL version 1.0.1 on March 14, 2012. 

Affected websites include, but aren't limited to, Amazon, Soundcloud, Tumblr, Wikimedia, and Wunderlist.

So, according to Time Magazine, the best way to protect yourself against the virus is to go to this link and enter the site you want to visit to make sure it's "heartbleed safe." Ultimately, it's up to the site itself to fix the bug, if indeed it does have it. Changing your password isn't going to affect the site one way or another. 

© 2014 Latin Post. All rights reserved. Do not reproduce without permission.
Featured Video : #TapThatAppTuesday: It's Popcorn Time!
  • Print
  • E-mail

Join the Conversation

Subscribe to LatinPost!

Sign up for our free weekly newsletter for the latest in-depth coverage!

Watch This

Real Time Analytics