The Heartbleed exploit in some ways resembles Anthrax scares like the one that occurred 13 years ago. However, it ruins technological gadgets instead of threatening people. It also gives hackers increased access to personal data.
A new threat similar to Heartbleed reportedly affected Internet Explorer. News of this additional vulnerability became public on April 28th, 2014, or earlier. Since this second incident is so close in timing to the newsbreak about Heartbleed, some people might wonder if both threats are related.
What Exactly is Heartbleed?
This advanced threat weakens online OpenSSL encryption that normally scrambles private information. It also allows hackers to read the memory of systems from a remote location. It does so under the same conditions during which a computer is normally kept safe by data scrambling protocol.
In the process, Heartbleed makes individuals and businesses more vulnerable to identity theft. For instance, it compromises the security of people using certain websites, instant messaging programs, and virtual private networks. This worldwide infection is so serious that it even attracted attention from local television stations. A month later, media still warns people about the implications of it.
Concerning this threat, major companies such as Paypal, eBay, Facebook, or LinkedIn have keep accountable with customers. They reported whether or not their site was affected by the Heartbleed infection. In most cases, no problems occurred. However, this widespread bug still might reside undetected on sites who don’t realize it exists. But website developers who know how to make a domain secure can avoid vulnerability. Computer owners can also protect themselves.
Heartbleed Bug Origin
News of this exploit ran rampant as of April 1, 2014 about the time when Google first reported it. By the time a repaired OpenSSL release came out a week later, it had affected about a half a million secure Web servers. It resulted in unauthorized access to private keys and browser session cookies. Thieves also stole usernames and passwords upon noticing this security glitch.
Is Heartbleed Related to Recent Internet Explorer Exploits?
On April 28th, 2014, CNET generated a report about a new Internet Explorer browser bug. Information about this privacy flaw flooded the UK and the U.S. Further investigation might further reveal how closely this threat is related to recent Heartbleed exploits. For the time being, we all can assume anything is possible in this advanced computer age.
In the meantime, Internet users need to beware. Recently-announced IE security holes primarily affect Internet Explorer versions 9, 10, and 11 running on Windows Vista, 7 and 8. However, people need to watch out even if they use IE versions 7 or earlier. The people who still use XP also should beware, especially since Microsoft no longer supports this OS.
In any case, recent Internet Explorer browser threats even warranted government interference. One reason for this is because this new IE threat targets finance and defense organizations. The main geographical location hit is the United States, but any country may want to take caution in case it happens anywhere else.
More information is probably needed to further understand the specifics of this IE security hole. However, the public already knows that this threat can install malware on systems without the user realizing it. This may seem similar to how every new online exploit affects machines, and in many ways it is. The only thing that might make it different than any other system bug is its unfamiliarity.
In any case, this problem seems to deserve the media attention it already received. Likewise it must be serious enough of an issue to warrant public government announcement. Both the UK and the U.S. strongly urge people to use a different browser at least for now. However, Microsoft usually addresses issues like this as soon as they occur. Therefore, news of a fix is highly likely.
So, to answer this question: Recent IE threats may not be connected directly to Heartbleed. However, this attack mimics it. For instance, it leaves hidden threats undetectable by even some of the most tech-savvy engineers. In doing so, this bug creates a sophisticated unpatched security holes. In the process, hackers can use this exploit to steal credit card data, usernames and passwords, and hard drive information unlike most modern-day threats. Therefore, it leaves businesses and individuals vulnerable.
Further Exploration of Heartbleed-like Exploitations
This type of security violation is known as a “zero-day exploit.” This largely unknown threat is not yet patched by computer operating system developers. However, the reason it has not been fixed is because it’s so new. After an attack like this, developers usually work like mad to address the problem as soon as possible. This is true of repairs made to OpenSSL, and it’s also true of recent privacy fixes released by Microsoft. Most other operating systems also provide updates that protect people while online.
Free Versus Paid SSL Certificates – Heartbleed Risk
Web hosting companies typically sell SSL certificates to keep websites safe. Normally, this coding will give online visitors the peace of mind they need when shopping, reading or interacting online. It’s possible that these paid SSL certificates leave computer users less vulnerable than free security certificates.
However, if a free solution such as OpenSSL has earned the respect of people using the Internet, it can work just as well as premium versions. Of course, the main disadvantage – and possibly the greatest advantage — is the fact that it is an open source program. It’s nice to have free programs that perform as well as paid ones. However, this often means that anyone can enter into the programming code and change it because it’s a community-based effort.
In the case of OpenSSL, one of the persons in charge of this open source code did not notice the Heartbleed bug right away. It then infiltrated the Web and caused problems for people before programmers realized it existed.
Only time will tell if this problem would only affect free SSL technology. Chances are it might also affect the paid ones if website owners are not careful.
Advice for Computer Users
New threats surface all the time. Sometimes, they affect cloud-based applications and can affect all devices – computers, phones and tablets. However, some are targeted more toward traditional computing devices such as desktop and laptop PCS.
It’s important for computer users to realize this. They need to protect themselves at all times using the latest malware defense programs.
http://en.wikipedia.org/wiki/2001_anthrax_attacks (2001 Anthrax attacks)