Heartbleed bug affects ‘almost everyone,’ expert warns

two apple airport base stations were vulnerable to heartbleed but have been patched bug

Experts say the Heartbleed OpenSSL bug — a flaw in the network software meant to protect your data — may have actually allowed hackers to steal the very data it’s meant to guard. Think you’re safe from this obscure bug in OpenSSL, whatever that is? Think again. One expert noted that “almost everyone” uses it. 

“Given that over half of the world’s webservers use Apache, and Apache uses OpenSSL, the majority of people are using applications built on top of OpenSSL on a regular basis,” explained Steve Pate, the Chief Architect at cloud services company HyTrust.

The Heartbleed bug is a security hole discovered in OpenSSL, widely used network software that encrypts the sensitive data you input into many popular websites. The flaw allows hackers to steal data directly from the memory chips of servers all over the world, and has been in existence for roughly two years. Jean Taggart, a Senior Security Researcher at Malwarebytes, which makes popular anti-malware software, described it as an easy way for crooks to invisibly sweep up your data.

MORE: What is the Heartbleed Bug?

“This vulnerability gives cyber criminals a method for collecting very sensitive information, like private encryption keys. If an adversary has extracted the private key through the Heartbleed vulnerability, they can impersonate the victim, and set up an undetectable man-in-the-middle attack,” Taggart said.

OpenSSL has a history of being vulnerable to attacks, Pate says, with the first flaw spotted by HyTrust back in May of 2009. However, Pate also notes that though OpenSSL 1.0.1 and 1.0.2-beta already have Heartbleed bug fixes available, if the affected versions are being used, the exploit may have already been used by hackers to swipe sensitive data.

 Taggart also explained that exterminating the security flaw will be no easy task.

“Fixing this bug will not be trivial, because even though security professionals can roll out an upgrade, many will not reset their certificates as this is a difficult and lengthy task. So if they were compromised prior to the announcement of the bug, their private keys might already be in the hands of adversaries, and their encrypted communications could be intercepted by third parties.”

MORE: Which websites are affected by the Heartbleed Bug?

Nathaniel Couper-Noles, a Principal Security Consultant at security firm Neohapsis, said that though there are workarounds and fixes available to combat Heartbleed, “the horse may already be out of the barn.”

“Many organizations aren’t instrumented to identify whether and where they’re vulnerable, the attack may leave no footprint discernable from legitimate traffic, and the consequences can potentially be long term,” Couper-Noles said. On top of that, Couper-Noles noted that there could be “hundreds or thousands of affected systems” across the world’s businesses.

At this point, changing your passwords is the best course of action you can take to protect yourself from the Heartbleed bug. On top of that, avoiding the webpages on this list of sites that are allegedly affected by the OpenSSL flaw is also highly recommended.

Image credit: http://www.wallpaperzzz.com

Computing

Firefox 66 is here and it will soon block irritating autoplay videos

Do web advertisements have you frustrated? Mozilla is here to help. The latest version of the browser will soon block autoplaying videos by default and will also help make web page scrolling smoother.
Mobile

Apple's iOS 12.2 brings support for Apple News Plus and new AirPlay 2 features

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Mobile

Google Fi: Phones, plans, pricing, perks, and more explained

Google's wireless service, formerly Project Fi, now goes by the name of Google Fi, and it's now compatible with a majority of Android phones, as well as iPhones. Here's everything you need to know about Google Fi.
Computing

You don't have to spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.
Computing

Dodge the biggest laptop-buying mistakes with these handy tips

Buying a new laptop is exciting, but you need to watch your footing. There are a number of pitfalls you need to avoid and we're here to help. Check out these top-10 laptop buying mistakes and how to avoid them.
Computing

Amazon sale knocks $200 off the price of 13-inch MacBook Pro with Touch Bar

If you always wanted to buy a MacBook Pro but found it a bit too expensive, now is your chance to save. A base version of the 13-inch MacBook Pro with Touch Bar is currently on sale at Amazon for $1,600.
Computing

Keep your laptop battery in tip-top condition with these handy tips

Learn how to care for your laptop's battery, how it works, and what you can do to make sure yours last for years and retains its charge. Check out our handy guide for valuable tips, no matter what type of laptop you have.
Computing

Is it worth spending more for the Surface Pro, or is the Surface Go good enough?

The Surface Go vs. Surface Pro — which is better? While the higher price tag of one might make you think it's an easy choice, a deeper dive into what each offers makes it a closer race than you might assume.
Computing

Apple’s 4K 21.5-inch iMac is now $200 off if you pre-order it

Apple's new iMacs are now available and if you pre-order one from B&H you can get the midrange version for $200. That's a near 20-percent saving on one of the most competitive configurations.
Emerging Tech

Microsoft’s latest breakthrough could make DNA-based data centers possible

Could tomorrow's data centers possibly store information in the form of synthetic DNA? Researchers from Microsoft have successfully encoded the word "hello" into DNA and then back again.
Computing

Own an Asus computer? Malware might be hiding in your system

If you own an Asus computer, your system might have been infected by malware distributed from the tool you typically use to update the BIOS and install other security patches, according to a new report by cybersecurity firm Kaspersky Lab.
Computing

The new Windows 10 File Explorer could look like this in 2020

Microsoft may update Windows 10's File Explorer to adopt Fluent Design principles in an upcoming 2020 update. A report suggests that we'll get our first glimpse at the new-look explorer in upcoming Windows Insider builds.
Computing

Hands-on with Microsoft Chromium Edge: A first look at the early release

We installed a preview of Edge Chromium, and there's now a lot that makes it feel Chrome, but there are also some similarities to the old Edge. So, is the new Chromium Edge the best browser ever? Here's a hands-on look.