Cryptographic software library which contains the prevalent OpenSSL has been threatened by severe susceptibility known as The Heartbleed Bug. This can cause theft of information which would otherwise remain confidential in normal cases by the use of encryption i.e. SSL/TLS for protection on the Internet. SSL/TLS offers communication privacy and security towards the Internet based application like Instant messaging, email, web and Virtual Private Network.
The Heartbleed bug lets anybody on the Internet to read the systems memory which is protected by susceptible version of the OpenSSL software. This settles the secret keys used in the identification of the service providers and encryption of the web traffic, passwords and names of the users and the authentic content. It lets the invaders to copy services and user. Eavesdropping on communications and data thefts from the services.
Without a leaving any slightest hint an attacker can attack from outside, also the attacker required no confidential information or authorization to manipulate the secret keys, which are used for X.509 certificates, email, instant messages, user name, passwords, commercially important documents and communication.
Until the susceptible version of Open SSL is in practice it can be abused. The released Fixed Open SSL must be deployed. This fix has to be adopted and the user must be notified by their software vendors, appliance dealers, Operating system vendors and distributors. On availability of the fix users and service providers have to install it to the system, software, and networked appliances.
Proactive step against Heartbleed Bug
Make sure not to use the same user name and password for numerous websites. The password is synonyms to a key, if there was only a single key for all the locks we used then it would be very convenient. But if this key is lost to thief then it would mean free access to all the locks we use.Thus using same logins for online website is like having a single key for every lock. The large websites were quick to safeguard against the Heartbleed bug, but the smaller website may not be protected.Consider if the smaller website which you use has been compromised and you use the same logins for the larger website then it does not help even if the larger website has already fortified from the bug.
Do not use a simple password. A secured password is a combination Lower and Upper case letter, numbers and special characters. Longer the password the better it is. If you wish you may use a password generator which you find is use full.
Be alert regarding scams. The Heartbleed bug news is like fuel to the fire from the attacker’s perspective. Large number of fake email message is send, stating user to change the password. These messages are known as Phishing messages and can be very difficult to stop. If you get the message asking you to reset the password, make sure you do not click on any of the links given in the email. Rather you have to type the address into your browser.
Any online account must be watched on regular basic, and now after the Heartbleed bug issue more focus should be towards the online bank accounts, emails etc.