The advent of Heartbleed, a recent software bug, has thrown a new communication security challenge to the anyway vulnerable internet. The IT professionals dealing particularly with the Internet security protocols are expressing huge concerns on its functional span. While the experts are analyzing the exact potential of damage and the ways to counter the CVE (Common Vulnerabilities and Exposures), this has already been established that this bug is capable of breaching the SSL/TLS (Transport Layer Security) encryption and attacking the sensitive information.

How it Works?

Heartbleed (official reference id: CVE-2014-0160) directly affects OpenSSL (soundcloud to mp3 Sockets Layer), a software system that provides security for websites and their respective servers as it transfers and authenticates information like passwords in an encrypted or hidden format from the sender to the receiver(s). When a data (like chat, message, email, etc.) is accessed through OpenSSL, it creates a secured pipe for its uncompromised transfer. Alarmingly, the bug allows anyone to read the otherwise secured system memory, which includes securing passwords, messages, credit card numbers, emails, etc.

Why is it Called 'Heartbleed?'

There is a technical reason behind the unusual label. When a computer sends a request to a website, it responds with another message of the same length called a "heartbeat." It is called so since it informs the sender that the website is active and ready to receive requests-responses. When under siege, the website's heartbeat is altered and the response is unexpectedly different.

The Shocking Attacks

Some high-profiled security debacles this deadly intrusion may have executed include Facebook, Yahoo, and Google. Within the financial sector, American Funds and Venmo were breached. While Netflix, SoundCloud, YouTube, and Wordpress are not exempt from the virus, the websites, such as Instagram and Pinterest are also at risk. LinkedIn and Twitter appear to be safe, but changing your account passwords on these sites is highly recommended.

The Challenges

One of the biggest problems with Heartbleed is that it is not a computer bug, which can be disabled by an antivirus. Instead, it resides at the core of the secured data transport mechanism regulating the Transport Layer Security (TLS) and Secure Socket Layer (SSL) of the internet. The bug has even hit the applications employing client certificates to establish secure connections with the authorized users. Thanks to the bug, confidential information on several commercial and educational websites across the globe is now at potent risk. Researchers found that this bug spawned due to an inherent programming error in the internal code of OpenSSL software, resulting in access to the keys of the encrypted data in memory, also decrypting them into readable formats.