The Heart Bleed blog went viral the moment it was acknowledged by security experts as a legitimate threat to such mainstays like Google, Yahoo!, Tumblr, and Facebook. Regular netizens were bombarded with suggestions from various websites where they had a registered username and password to change their password immediately. The Heart Bleed bug sounds like a coronary parasite destined to expose and bleed out your arterial and in many ways that’s exactly what it does to sensitive internet information.
How the Heart Bleed Bug Works
The Heart Bleed bug was discovered in the OpenSSL software. OpenSSL is open-source code intended to help make the internet more secure. It’s so widely used that when Heart Bleed was exposed everything from Facebook to Google to the Canadian Tax Authority had to advise their users or shut down entirely.
The OpenSSL has a feature called a ‘heartbeat’ where one computer will send out a ‘ping’ to another computer to check if its still online. Hackers can use this ‘heartbeat’ to trick a server into sending back its memory—enabling them to access all kinds of sensitive information from a computer they’d never laid an eye or a finger on. Perhaps the scariest part of this bug is that it is untraceable. There is no log made for a ‘heartbeat’ access so hackers could’ve accessed any information at anytime without anyone being the wiser.
Heart Bleed’s Repercussions
What makes the impact of Heart Bleed so difficult to track is due to its untraceable nature. There are no definite answers. It is impossible to know what servers may have leaked information at what time. So while the bug may be overblown and infrequently accessed, it’s also possible Heart Bleed could’ve been exploited to great harm to netizens.
While some attribute Heart Bleed to government agencies and spy networks utilizing the bug to track persons of interest, most experts believe it was simply a faulty part—but one that compromises every piece of the whole. While the true repercussions may never be known, the looming threat weighs heavily on the commercial sector of the internet where sensitive information may have been hacked at any point in the past year and a half.
About the Author:
Hi, my name is Blair Thomas and I’m a passionate electronics payment expert who started eMerchantBroker.com in 2011. My company helps high risk businesses lock down the high risk merchant account they need to do business. Check out the eMerchantBroker YouTube Channel for more info on their services.