If you haven’t already heard about the heartbleed security breach, heres the scoop. Heartbleed is a bug in the OpenSSL software program that takes advantage of a built-in feature called “Heartbeat”. Heartbeat allows servers to listen to requests and respond back with the appropriate information. For example, when someone is logging into a website, the website responds back by logging that user into their account. Normally, when a request is made, the server will only respond back with the amount of data that what was requested. However, this is not the case for servers that are effected by the Heartbleed bug. This bug allows hackers to retrieve more data than the original request, which means, hackers can gain access to the servers memory and retrieve information that was left behind by other users - such as usernames, passwords, cookies, and other sensitive information.
So who does this effect? Due to the popularity of OpenSSL, the Heartbleed bug effects almost everyone who uses the internet. Sites such as Facebook, Instagram, Google, Yahoo, Amazon, goDaddy, Netflx, and Dropbox, are some of the many companies that have been affected. Although many of these companies worked quickly to prevent breaches in their security, there is still no way of knowing if a hacker has gotten any of their information.
Now that the Heartbleed bug has been exposed, hackers may be trying to make a last attempt to gain user information. If you get an email from an official company providing a link to change your password, don’t click on the link! Instead, go directly to the companies website to ensure your security and avoid getting tricked by a spoof email.
To see more information on the full hitlist please review: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/comments powered by Disqus