Unless you have been living under a rock for the past week, you will undoubtedly have stumbled upon something called the Heartbleed Bug. It has been called the single biggest security threat ever to afflict the modern internet.
Explain it to me?!
At the root of Heartbleed is encryption. Unless you are an IT professional, a geek or simply intrigued by security in general, you probably won't know what encryption is, but in simple terms think of it as a series of secret symbols, or a whole secret language, used between two people.
The internet, being the glorious web of all things knowledgeable (and less so as well), employs a set of protocols for security and encryption that are generally known as Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS).
The most widely used implementation of SSL and TLS is a set of open-source tools called OpenSSL. Don't be alarmed; more than 66% of the internet runs on OpenSSL. This might be the first time you have heard of OpenSSL, but you probably come across it on a daily basis.
Is OpenSSL 100% secure?
What would happen if OpenSSL were afflicted by a glitch? What if those secret keys you have shared only with the server were suddenly open to access by any third party? Get ready for this: what if this glitch was completely and utterly undetectable? We don't mean to scare you, but that is Heartbleed in plain terms!
The fault works in such a way that, given enough time and effort, somebody can access an abundance of information, all the while you and the server you are communicating with would never know.
The most horrendous aspect of the whole thing is that the flaw has been around since December 2011, and a multitude of software packages started using the vulnerable version of OpenSSL in May of 2012.
This means that for the past two years, any websites, applications, private messaging services or banks that run the vulnerable OpenSSL have indeed been exposed. Technically, it's a very hard thing to fix, and it's not sufficient for IT professionals to just patch the copies of OpenSSL that are running on their websites, apps and devices. Also, any digital certificates issued before the patch have to be authenticated and deemed safe.
So is Zoolz bleeding?
This horror-like story does have a happy ending; luckily for our users, ever since we launched Zoolz, our goal has been to make sure their files and data are 100% safe from any form of internet glitches and hiccups. Even though Amazon, the infrastructure used by Zoolz, issued a fix as swiftly as it could, Zoolz is unaffected by the whole thing because our service uses an immaculate OpenSSL version. This means any hacks or vulnerabilities are fated to find no light.
Don't get "heart-broken"
First and foremost, make sure the provider you are interested in testing has either updated to patch Heartbleed or already has safe servers to start with.
Since we believe in the empowerment of the end user, we hope this article will equip you with enough knowledge to set aside any potential risks. So, to recap: if the service provider proves to be compromised, the server admin is obliged to reissue the SSL certificate and keys using the fixed version of OpenSSL. Only then should you change your account details (such as your passwords).
If you are eager to verify a website, follow these simple steps, paying attention to the SSL certificate's issue date:
Click the Padlock icon in the Navigational Toolbar → View Certificate
Click the Padlock icon → Connection → Certificate information
Click the Padlock icon in the Navigational Toolbar → More Information → Security tab → View Certificate
Validity shows that it was issued on 02/04/2014 and expires on 01/07/2014.
Because of the Heartbleed bug, it is recommended that SSL certificates be updated as soon as possible, as Google has done, as seen above.
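The same issue-date check can be scripted. This is an added example, not code from Zoolz or the original article; the names FIX_RELEASED, assess and fetch_cert and the two sample certificates are made up for illustration, and the cutoff assumes 7 April 2014, the release date of the fixed OpenSSL 1.0.1g.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: cutoff is 7 April 2014, when the fixed OpenSSL 1.0.1g was released.
FIX_RELEASED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed samples in the dict shape returned by SSLSocket.getpeercert().
OLD_CERT = {"notBefore": "Mar 15 12:00:00 2014 GMT", "notAfter": "Mar 15 12:00:00 2015 GMT"}
NEW_CERT = {"notBefore": "Apr 10 12:00:00 2014 GMT", "notAfter": "Apr 10 12:00:00 2015 GMT"}


def to_utc(cert_time):
    """Parse a certificate time string such as 'Apr 10 12:00:00 2014 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def assess(cert, now=None):
    """Report the issue and expiry dates and whether the issue date follows the fix."""
    now = now or datetime.now(timezone.utc)
    issued, expires = to_utc(cert["notBefore"]), to_utc(cert["notAfter"])
    if expires < now:
        verdict = "expired"
    elif issued < FIX_RELEASED:
        verdict = "issued before the fix"
    else:
        # A new issue date alone does not prove the private key was replaced.
        verdict = "issued after the fix"
    return {"issued": issued.date().isoformat(),
            "expires": expires.date().isoformat(),
            "verdict": verdict}


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live site's validated certificate (needs network access)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    when = datetime(2014, 4, 20, tzinfo=timezone.utc)  # fixed "today" for the samples
    for name, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(name, assess(cert, when))
```

For a live site, pass the result of fetch_cert with the site's hostname to assess.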
Yes, it is that simple; don't be too petrified of big terms on the internet. While a little panic can be a good thing, since it pushes many websites to hurry and fix any loose ends, the highly legitimate websites will always remain secure regardless of how grave the hacks may become.