Suppose someone has been spying on you for two years and you were totally unaware of it. Is that possible? It seems to be true of the Heartbleed bug, because yesterday a security flaw in SSL (Secure Sockets Layer) was found. Before digging into this issue, we must first cover some essential background.
What is SSL / TLS?
SSL is a secured layer between a client and a server. A server is a central computer that serves information to other computers, known as clients. The main purpose of SSL is to protect the communication between them by adding an additional secured layer. This means that no computer without authorisation can access the information being exchanged among the authorised entities. This protocol was developed by Netscape. In the same way, TLS is short for Transport Layer Security.
How does SSL protect the data?
SSL uses a cryptographic system that uses two keys to encrypt the data: a public key and a private key. The public key is known to everyone, but the private key is known only to the recipient of the message. Whenever any communication takes place between secured entities, all the data is encrypted, and it can only be decrypted by the authorised entities (i.e. server and clients).
Suppose 'A' is a server and 'B' is a client. If they are using SSL encryption and a hacker 'X' tries to trespass into their system, he will find only nonsense information, which is meaningful only to A and B (see the following illustration).
So the information is protected from trespassers or hackers. Many websites adopt this standard to protect confidential data, such as credit card / debit card information, personal profiles and other confidential data.
What is the Heartbleed Bug?
In the paragraphs above, we learned that information passing through the secured layer is protected and hidden from unauthorised entities. But the Heartbleed bug allows someone to dig out information from the SSL layer when it is protected by a vulnerable version of the OpenSSL software. OpenSSL is the open source encryption software used by the majority of sites on the web.
How do I protect myself from the Heartbleed Bug?
Since the bug has been present for the past 2 years, you are likely to be affected directly or indirectly if you have done any transaction with social networking websites, banking websites, mobile-DTH recharge websites or government websites. You should change your password immediately wherever privacy and security are the main concern. Major service providers should already be updating their systems and sending alerts about it via email and SMS.
Thanks to Neel Mehta, a Google Security researcher, who first reported this flaw.