Heartbleed bug affects ‘almost everyone,’ expert warns

two apple airport base stations were vulnerable to heartbleed but have been patched bug

Experts say the Heartbleed OpenSSL bug — a flaw in the network software meant to protect your data — may have actually allowed hackers to steal the very data it’s meant to guard. Think you’re safe from this obscure bug in OpenSSL, whatever that is? Think again. One expert noted that “almost everyone” uses it. 

“Given that over half of the world’s webservers use Apache, and Apache uses OpenSSL, the majority of people are using applications built on top of OpenSSL on a regular basis,” explained Steve Pate, the Chief Architect at cloud services company HyTrust.

The Heartbleed bug is a security hole discovered in OpenSSL, widely used network software that encrypts the sensitive data you input into many popular websites. The flaw allows hackers to steal data directly from the memory chips of servers all over the world, and has been in existence for roughly two years. Jean Taggart, a Senior Security Researcher at Malwarebytes, which makes popular anti-malware software, described it as an easy way for crooks to invisibly sweep up your data.

MORE: What is the Heartbleed Bug?

“This vulnerability gives cyber criminals a method for collecting very sensitive information, like private encryption keys. If an adversary has extracted the private key through the Heartbleed vulnerability, they can impersonate the victim, and set up an undetectable man-in-the-middle attack,” Taggart said.

OpenSSL has a history of being vulnerable to attacks, Pate says, with the first flaw spotted by HyTrust back in May of 2009. However, Pate also notes that though OpenSSL 1.0.1 and 1.0.2-beta already have Heartbleed bug fixes available, if the affected versions are being used, the exploit may have already been used by hackers to swipe sensitive data.

 Taggart also explained that exterminating the security flaw will be no easy task.

“Fixing this bug will not be trivial, because even though security professionals can roll out an upgrade, many will not reset their certificates as this is a difficult and lengthy task. So if they were compromised prior to the announcement of the bug, their private keys might already be in the hands of adversaries, and their encrypted communications could be intercepted by third parties.”

MORE: Which websites are affected by the Heartbleed Bug?

Nathaniel Couper-Noles, a Principal Security Consultant at security firm Neohapsis, said that though there are workarounds and fixes available to combat Heartbleed, “the horse may already be out of the barn.”

“Many organizations aren’t instrumented to identify whether and where they’re vulnerable, the attack may leave no footprint discernable from legitimate traffic, and the consequences can potentially be long term,” Couper-Noles said. On top of that, Couper-Noles noted that there could be “hundreds or thousands of affected systems” across the world’s businesses.

At this point, changing your passwords is the best course of action you can take to protect yourself from the Heartbleed bug. On top of that, avoiding the webpages on this list of sites that are allegedly affected by the OpenSSL flaw is also highly recommended.

Image credit: http://www.wallpaperzzz.com

Emerging Tech

Awesome Tech You Can’t Buy Yet: 1-handed drone control, a pot that stirs itself

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Here’s how to install Windows on a Chromebook

If you want to push the functionality of your new Chromebook to another level, and Linux isn't really your deal, you can try installing Windows on a Chromebook. Here's how to do so, just in case you're looking to nab some Windows-only…
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Mobile

We tried all the latest and greatest smartphones to find the best of 2018

Smartphones are perhaps the most important and personal piece of tech on the planet. That’s why it’s important to pick the best phone for your individual needs. Here are the best smartphones you can buy.
Computing

Should you buy the affordable MacBook Air, or is the MacBook Pro worth the price?

Though they both share Retina Displays and similar keyboards, there are still some specs differences and other changes which distinguish the new 2018 MacBook Air and MacBook Pro. In this guide, we stack the two up against each other.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

After a month of bugs, the Windows 10 October 2018 Update is finally here

After more thoroughly investigating and resolving all bugs and related issues, Microsoft is announcing the Windows 10 October 2018 is again rolling out to consumers starting today, November 13. 
Computing

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts in the process.
Computing

Changing file associations in Windows 10 is quick and easy with these steps

Learning how to change file associations can make editing certain file types much quicker than manually selecting your preferred application every time you open them. Just follow these short steps and you'll be on your way in no time.
Emerging Tech

New simulation shows how Elon Musk’s internet satellite network might work

Elon Musk has the dream of building a network for conveying internet traffic via thousands of satellites. A new simulation created by a computer scientist looks at how feasible the idea is.
Computing

A dead pixel doesn't mean a dead display. Here's how to repair it

Dead pixel got you down? We don't blame you. Check out our guide on how to fix a dead pixel and save yourself that costly screen replacement, or an unwanted trip to your local repair shop.
Computing

Great PC speakers don't need to break the bank. These are our favorites

Not sure which PC speakers work best with your computer? Here are the best computer speakers on the market, whether you're working with a tight budget or looking to rattle your workstation with top-of-the-line audio components.
Computing

Printing to PDF in Windows is easy, no matter which method you use

Microsoft's latest operating system makes it easier than ever to print to PDF in Windows, but there are alternative methods for doing so, even if you want to forgo Adobe Acrobat. Here's how.
Computing

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as picking from the best free antivirus apps for Mac suites.