Heartbleed 

Since yesterday, you may well have heard about Heartbleed, yet perhaps you’re still not clear about what is or how it could affect you.

Communications of the main Internet services, such as webmail, social networks, online banking, etc. are encrypted in order to protect the transmitted data (bank details, passwords, etc.). Some of these services use an OpenSSL library to encrypt communications, and a security flaw has been detected in this library.

 

What is Heartbleed

The technical part goes something like this: The module that allows open connections to be reused (or ‘keep-alive’) contains a security hole which, if exploited maliciously, could allow attackers to repeatedly access 64K of memory.

Despite this, there are at least two bits of good news:

  1. The first is that any attackers would not be able to choose which part of the memory they access, though it is still likely that they would obtain passwords from the Web services that use this library.
  2. The second is that there is already a library available that fixes this bug.

 

Practical advice regarding Heartbleed

For the moment, as ordinary users, there is little you can do. Panda Security nevertheless offers the following advice:

  • Keep an eye on the main Web services you use, as they will announce when the vulnerability has been corrected on their systems. Until then, it is not safe to log into the service.
  • Once they have done this, change your password.

Do you want to know how to set stronger passwords?

 

Note: Many thanks to our colleagues Luis Fernando Regel and Josu Franco for explaining what Heartbleed is and what we can do about it 😉