OFFICIAL SECURITY BLOG
April 10, 2014 | BY Jovi Umawing
[Update April 14, 2014 06:00 AM] We updated the list of services at the end of this post to include recently discovered tools and suggestions by some of our readers.
When someone in your family who’s probably not as computer and internet savvy as you starts asking you about Heartbleed, you know that this online threat has hit mainstream.
If hackers take advantage of this bug, they can retrieve encryption keys that can be used to decrypt sensitive information that users would normally protect or keep private, such as email exchanges, IM chat messages, usernames and passwords, and credit card numbers.
This bug has reportedly been around for two years, but was only recently found and made public by a Google Security researcher and Codenomicon, the company behind Heartbleed.com, an informative FAQ site devoted to educating and addressing major queries from curious and concerned netizens.
It may seem that this flaw can only be exploited from the server side; however, nothing could be further from the truth.
“Vulnerable OpenSSL implementations on the client side can be attacked using malicious servers to extract passwords and cryptographic keys,” a security professional with the SANS Institute told The Register. “It’s an attack that would probably yield handy amounts of data if deployed against users of public Wi-Fi hotspots, for example.”
Like online providers who are affected by Heartbleed, internet users are also asked to mitigate possible threats brought about by the bug before it’s too late.
Below is a handy list of services you may find useful to protect your system and your privacy:
If you have other tools or site sources in mind that you think we should include in the list, please leave us a comment.