Skip to main content

Heartbleed bug affects ‘almost everyone,’ expert warns

two apple airport base stations were vulnerable to heartbleed but have been patched bug
Image used with permission by copyright holder

Experts say the Heartbleed OpenSSL bug — a flaw in the network software meant to protect your data — may have actually allowed hackers to steal the very data it’s meant to guard. Think you’re safe from this obscure bug in OpenSSL, whatever that is? Think again. One expert noted that “almost everyone” uses it. 

“Given that over half of the world’s webservers use Apache, and Apache uses OpenSSL, the majority of people are using applications built on top of OpenSSL on a regular basis,” explained Steve Pate, the Chief Architect at cloud services company HyTrust.

The Heartbleed bug is a security hole discovered in OpenSSL, widely used network software that encrypts the sensitive data you input into many popular websites. The flaw allows hackers to steal data directly from the memory chips of servers all over the world, and has been in existence for roughly two years. Jean Taggart, a Senior Security Researcher at Malwarebytes, which makes popular anti-malware software, described it as an easy way for crooks to invisibly sweep up your data.

MORE: What is the Heartbleed Bug?

Prime Day Focus
These Razer Blade Prime Day deals really pack a punch [in gaming power]
Anker SOLIX Prime Day deals: This shopping guide highlights the best discounts
Send it! This HoverAir X1 Drone can capture your adventures and it's $120 off
Secretlab Prime Day deals: Build your ideal work-from-home or gaming station

“This vulnerability gives cyber criminals a method for collecting very sensitive information, like private encryption keys. If an adversary has extracted the private key through the Heartbleed vulnerability, they can impersonate the victim, and set up an undetectable man-in-the-middle attack,” Taggart said.

OpenSSL has a history of being vulnerable to attacks, Pate says, with the first flaw spotted by HyTrust back in May of 2009. However, Pate also notes that though OpenSSL 1.0.1 and 1.0.2-beta already have Heartbleed bug fixes available, if the affected versions are being used, the exploit may have already been used by hackers to swipe sensitive data.

 Taggart also explained that exterminating the security flaw will be no easy task.

“Fixing this bug will not be trivial, because even though security professionals can roll out an upgrade, many will not reset their certificates as this is a difficult and lengthy task. So if they were compromised prior to the announcement of the bug, their private keys might already be in the hands of adversaries, and their encrypted communications could be intercepted by third parties.”

MORE: Which websites are affected by the Heartbleed Bug?

Nathaniel Couper-Noles, a Principal Security Consultant at security firm Neohapsis, said that though there are workarounds and fixes available to combat Heartbleed, “the horse may already be out of the barn.”

“Many organizations aren’t instrumented to identify whether and where they’re vulnerable, the attack may leave no footprint discernable from legitimate traffic, and the consequences can potentially be long term,” Couper-Noles said. On top of that, Couper-Noles noted that there could be “hundreds or thousands of affected systems” across the world’s businesses.

At this point, changing your passwords is the best course of action you can take to protect yourself from the Heartbleed bug. On top of that, avoiding the webpages on this list of sites that are allegedly affected by the OpenSSL flaw is also highly recommended.

Image credit: http://www.wallpaperzzz.com

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
This Lenovo ThinkPad is usually $2,289 — it’s $629 for Prime Day
The third-generation Lenovo ThinkPad T14 laptop on a white background.

The true back-to-school shopping season is going to start soon, but that doesn’t mean working professionals shouldn’t be able to score great laptop deals on laptops too! Fortunately, one brand that always seems to have excellent promotions is Lenovo, and the company is putting its best foot forward with this amazing Prime Day deal on a ThinkPad. For a limited time, you’ll be able to take home the Lenovo ThinkPad T14 Gen 3 for just $630. At full price, this laptop usually costs $2,290, which is a whopping 72% off. Put that toward one or two other fantastic Prime Day deals, why don’t ya?

 
Why you should buy the Lenovo ThinkPad T14
For years, the Lenovo ThinkPad has been a tried and true workplace laptop, and the T14 is one of the best iterations of the portable PC. Equipped with an AMD Ryzen 5 PRO 6650U, integrated AMD Radeon 660M graphics, and 16GB of RAM, the T14 is built to deliver fast and reliable performance when you need it most. Whether you’re balancing spreadsheets between several programs or have a ton of browser tabs open with media playing in several, the T14 has got you covered!

Read more
This small change coming to the M5 MacBook Pro could mean much more
Apple MacBook Pro 16 downward view showing keyboard and speaker.

The M5 MacBook Pro isn't due out until 2025, but we're already hearing more about what new features might be coming to it. According to the analyst Ming-Chi Kuo, Apple will be using a new supplier for its camera starting in 2025.

As reported on by MacRumors, Kuo states in a Medium post that the Chinese manufacturer Sunny Optical will be taking the place of both LG Innotek and Sharp, the current suppliers used for MacBook Pro webcams.

Read more
Prime Day printer deals: laser, inkjet and photo printers
Best Prime Day Deals Printers

Even though a lot of content has gone digital, there's still a need for printers in the home and in the office, whether it's something as simple as printing a character sheet for your tabletop game, or an important PDF that you need to have a physical copy of. Of course, it's pretty well-known that printers and printer ink can get quite expensive, which is why it's a good idea to take advantage of these Prime Day deals on printers to save yourself an extra little bit of cash. We've collected some of our favorite deals on printers below, including inkjet, laser, and photo printers, for you to pick from. While you're at it, be sure to check out these Prime Day laptop deals if you're considering a PC upgrade to go with your new printer.

Best Prime Day laser printer deals

Read more