‘Heartbleed’ security flaw compromises passwords, user data
A recently discovered security bug dubbed the “Heartbleed Bug” has swept across the Internet, allowing regular users with no privilege to access delicate information such as passwords, usernames and credit card numbers. This security bug has affected many websites, among these are Prezi, Instagram, Pinterest, Yahoo and Gmail.
The bug, a security flaw formally known as CVE-2014-0160, leads to memory contents from the server to the client and client to the server leaking out. What makes Heartbleed unique is that while most bugs in a single software are fixed by new versions, this bug has left large amounts of information exposed to the Internet, and cannot be traced.
While not everyone is affected by this bug, there is a large chance of being exposed and ultimately, exploited because the bug does not stop at the Internet. Droid users with software 4.1.1 and older are vulnerable to exploitation. Apple users are safe.
The Heartbleed bug has not been totally fixed, and information continues to leak. By changing all passwords, staying away from online shopping and checking for suspicious credit card activities, the Heartbleed bug may not claim as many more victims.
“I see [Heartbleed] as any other [bug],” Senior Toby Griggers said. “Exploits like these will always be found even if it takes a long time. That’s what hackers do.”