is not a country and western song, but many wish it were. It’s a programming
glitch with the potential to cause disastrous and widespread compromises on
seemingly secure data.
some estimates, the flaw in the heartbleed code has allowed hackers to collect
personal data, including passwords, undetected, for as long as two years.
Exactly how much data has been breached, and what the total damage will be, is
still under assessment, but the media hype suggests it is substantial.
Moreover, one has to wonder if this glitch may be connected to the recent data
compromises at Target and other organizations. Fortunately, the fix is out, but
it may take a while for everyone to apply it to their systems.
makes this “bug,” for lack of a better term, so dangerous is that it is not
some super-complex, self-morphing, Mensa-level, mega virus. In fact, it is not
really a virus or bug at all. It simply exploits a somewhat overlooked
programming mistake in the “heartbleed” part of certain versions of OpenSSL.
this case the code vulnerability allows anyone on the Internet to read the
memory of the systems running vulnerable versions of the OpenSSL software. The
fix, according to Dmitry Bestuzhev, head of the research center, Kaspersky Lab
Latin America, is quite simple and is included in the OpenSSL 1.0.1g version. Read more.