Heart bleed virus

Users of Internet are being warned about the “heart bleed virus” (Exploitation of an unpatched bug in the Open SSL algorithm) which has the capacity to steal the passwords from your Bank accounts as well as email accounts, Facebook etc.

This virus affects sites which use the open SSL communication with a “https” connection and exploits a vulnerability in the protocol.

More information about the virus and its impact can be found here: http://www.darpanmagazine.com/news/tech/what-is-heart-bleed-bug-and-how-to-dodge-it/

I would like readers to check this site for taking some precautions: http://www.techloon.com/7-things-you-should-do-to-stay-safe-from-heart-bleed-bug/

The seriousness of the issue can be gauged by the fact that the experts are suggesting keeping off internet until a solution is available.

You can check if the sites you frequently visit has the heart bleed vulnerability through this test site.

https://filippo.io/Heartbleed/

Mobile users on Android application can consider downloading this app for security scanning

: https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Crime. Bookmark the permalink.

2 Responses to Heart bleed virus

  1. krapesh says:

    Dear Sir,
    I would like to bring to your notice that, the term used ‘heartbleed’ is not a virus.!! it is infact a bug in the open SSL algorithm which can disclose the identity of the users, where the server uses the algorithm for encrypting the connection between 2 entities.
    i would also recommend another site apart from the site given above:
    https://www.ssllabs.com/ssltest/index.html
    this site scans more better than ‘fillipo’

    And if any site uses the Open SSl, algorithm which is unpatched for the ‘heartbleed’ then no matter what the length of password will be, it can be disclosed.
    The information about heartbleed is explained in more simpler words in the following link:
    http://security.stackexchange.com/questions/55343/how-to-explain-heartbleed-without-technical-terms

    refer the text after the cartoon, it explained nicely.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.