Updated: 17 April 2014
The Heartbleed bug is making headlines people!
CNN Money reported yesterday that a teenager (19 year old) was able to exploit the Heartbleed bug to hack into Canada’s tax agency, the Canada Revenue Agency. Stephen Arthuro Solis-Reyes was arrested by the Royal Canadian Mountain police in Ontario after he managed to steal the social insurance numbers of around 900 tax payers.
The Canada Revenue Agency and Canadian law enforcement authorities have been working round the clock to secure Canadian cyberspace ever since news of the Heartbleed bug and the resulting the weakness of the internet came out.
Assistant Commissioner Gilles Michaud of the Royal Canadian Mountain police stated that they are “working tirelessly over the last four days analyzing data, following leads, conducting interviews, obtaining and executing legal authorizations”.
This teenager was detected and therefore caught. Reports are awaited to confirm if other attacks have gone unnoticed in the past. After all, the Heartbleed bug was apparently around for two years before it was finally identified.
The Huffington Post recently interviewed security expert Marc Rogers from Lookout (mobile security firm based in San Francisco, dealing in Computer software, Security software and Mobile Security). According to Rogers, simply changing your passwords is not enough if you are an Android user.
According to Rogers, “The whole device is vulnerable, so you should be cautious about the kind of sites you use. I’d be cautious about doing banking on your phone”.
You put your Social Security and Credit Card details at risk when you conduct online transactions without using a tunneled and encrypted connection. Google has published a patch that is supposed to protect Android users against the Heartbleed bug, but an Android OS update is still being awaited.
Reuters confirmed that American Funds has asked its customers to change their passwords in light of the security threats posed by the Heartbleed bug. American Funds is the US’s third largest mutual fund management conglomerate, the Capital Group Companies. Some customers have also been advised to ensure frequent deletion of browser history and to change their security questions.
OpenSSL patches are coming out by the dozens, but the Heartbleed bug has been around for two years and it will be some time before the true extent of the damage will become visible. Make sure you only download and install authentic patches and software updates.
First of all if you have not reset your passwords before 7 April, 2014, reset them immediately; all of them!
More than 306 million Android users around the world are in danger. These include devices by HTC and Samsung amongst other Android phone manufacturers. All hell has broken loose thanks to a major flaw being called Heartbleed.
The security bug is the worst thing ever to happen to the internet. Because of the Heartbleed bug, your login credentials (user name and password) and session cookies are in danger of being stolen. The internet is safe again thanks to the patches and updates that came out soon after news about the Heartbleed bug made headlines (Change your login credentials nonetheless), but Android users are still not safe.
Android users (using Android 4.1.1 or older), along with iOS users (iPhone, iPad, etc) must now wait for service providers to come out with patches for handheld devices and smartphones. Yes, a patch is required to upgrade out of the danger zone that has been created by the Heartbleed bug. You cannot wait it out. This is not a storm that shall pass without consequences.
Related Article: 5 Best Android VPNs to Secure your Android Device
Smartphone users have two options:
Option 1 – Wait until the next software update/patch is released
Option 2 – Reset your password and install a VPN to encrypt your data
Tumblr has asked its users to change their account passwords in face of the terribly viral bug that exposed a terrible website server weakness. The Heartbleed bug makes websites vulnerable at the programming level. Simply put, OpenSSL was the most widely used and most secure encryption method, until Heartbleed hit it hard and made it useless.
As news about the Heartbleed bug spreads, the race between the good and evil is on. Websites and cellular service Operating sSystem developers are struggling to beat cybercriminals as all the cybercriminals in the world they make an attempt to penetrate the weakened OpenSSL and tap into your internet traffic.
If you think cybercriminals are the only threat that has resurfaced with renewed motivation as a result of Heartbleed, think again! Reports are still awaited so as to confirm or deny the allegation about National Security Agency (NSA) might but there are rumors that the NSA may have known about Heartbleed for two years now and may have been silently exploiting it all along.
There is no way to be sure what loopholes are making you vulnerable on the internet. If the NSA did indeed know about the Heartbleed bug two years ago then there is no knowing what other security and privacy loopholes are still undetected and in global use. Your best bet is to use a VPN.
Even though Heartbleed started out as a server-side bug, the vulnerabilities it has unearthed are scary. Cybercriminals and the NSA search for backdoors and loopholes in the Operating systems in your Android and iPhones, and they stay very very quiet when they find them. A VPN is the ideal solution for bugs that you cannot identify – such as Heartbleed.