How about leaving your front door open while away for two years. It will be a golden opportunity for any thief to clear the house of any valuables. This is exactly what has happened in cyber security. OpenSSL, a fundamental cryptographic software library, which is used by most of the servers around the world has been found to have a big security hole and anybody with this knowledge had almost two years to steal any sort of data from emails to e-banking from servers the servers of major service providers including banks and sensitive installations.
The cause of the breach is a bug that has been named as ‘Heartbleed’ which was found in OpenSSL. It was easy and traceless to use this bug to breach the software systems. A fix has already been made but no one knows the amount or magnitude of the breaches thus leaving users in a big mystery. The bug was initially identified by Google’s Neel Mehta. A blog post is available which explains the threat and answers some questions about the bug and what have been the security vulnerabilities for last two years.
What might be leaked are divided into four categories: 1) primary key material which means encryption keys; 2) secondary key material which refer to user credentials such as user name and password; 3) protected content which defines the actual content of the vulnerable services from emails to banking; and 4) collateral which means all other data in the memory that was available to the hackers.
The big question is what shall be done by you as a user. A Tor Project blog post suggests:
“If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle.”
Whereas, Tumblr suggests changing passwords for all services as is evident in the following:
Google, Apple, Microsoft and all major e-banking services appear to be safe according to The Verge. This website allows end users to check whether a website is vulnerable to the bug or not.
This is a stark warning about the effectiveness of cybersecurity and the level of potential threats that such breaches expose us to.