This Monday, a bug in OpenSSL named Heartbleed was revealed by security researchers at Codenomicon, an independent security firm, and at Google. Two thirds of the world's active websites are compromised by this security flaw.
Referring to Heartbleed, security expert Bruce Schneier wrote in his blog post this week:
On the scale of 1 to 10, this is an 11.
The bug was revealed on Monday, and it was quickly considered one of the biggest security vulnerabilities in computer history.
So, what is Heartbleed?
Heartbleed is a catastrophic bug found in OpenSSL versions 1.0.1 and 1.0.2-beta:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
Put simply, the tools used to protect your data as it travels over the net have a breach. Private data (passwords, card numbers, etc.) is encrypted, turned into secret code and sent over the Internet so that hackers cannot access it. But exploiting Heartbleed allows hackers to decipher the code and get their hands on your emails, passwords, messages, critical documentation, and communication.
That's the quick picture of the vulnerability.
On our side, we have updated, double-checked and tested to make sure JoomlArt is safe from Heartbleed. Up to this point, we strongly believe no JoomlArt account has been compromised.
So how can you know if a site is vulnerable, and how can you protect yourself?
- If you are a site owner using OpenSSL, please apply the fix immediately by updating to OpenSSL version 1.1.0g.
- Check whether the sites you visit frequently have been impacted by the breach, either with this service made by Filippo Valsorda or by installing the Chrome extension Chromebleed, which gives a warning when you visit a site that has been affected.
- Carefully check your bank account and credit card for unusual transactions, since hackers can use your information for their own purposes.
- If you still feel nervous and insecure, it might be best to go offline for a few days and wait until things are fixed.
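For site owners, an added example (not part of the original post) that classifies the string printed by `openssl version` against the Heartbleed-affected releases. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) comes from the OpenSSL project's advisory rather than from this post, and the function name and return labels are made up for this sketch.

```python
import re
import ssl

# Affected releases per the OpenSSL project's advisory (assumption: not stated
# in this post): 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1.
# Accepts "OpenSSL 1.0.1e 11 Feb 2013", "1.0.2-beta1", "OpenSSL 1.0.1e-fips ...".
VERSION_RE = re.compile(
    r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?(?:-fips)?\b"
)

def classify(version_string):
    """Return 'affected range', 'outside affected range' or 'unrecognized'.

    'affected range' is a prompt to investigate, not a verdict: distributions
    often backport the fix without changing the upstream version string, so
    confirm against the package changelog before drawing a conclusion.
    """
    m = VERSION_RE.match(version_string.strip())
    if not m:
        return "unrecognized"  # e.g. a different TLS library
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)

    if release == (1, 0, 1):
        if beta is not None:
            return "unrecognized"  # 1.0.1 pre-releases: not covered here
        # "" (plain 1.0.1) through "f" are affected; "g" and later are fixed.
        return "affected range" if letter <= "f" else "outside affected range"
    if release == (1, 0, 2) and beta in ("beta", "beta1"):
        return "affected range"
    # Everything else, including the older 0.9.8 and 1.0.0 branches.
    return "outside affected range"

if __name__ == "__main__":
    # Constructed sample strings in the format `openssl version` prints.
    samples = [
        "OpenSSL 1.0.1e 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.2-beta1 24 Feb 2014",
        "OpenSSL 0.9.8y 5 Feb 2013",
    ]
    for s in samples:
        print(f"{s!r}: {classify(s)}")
    # The library this Python interpreter is linked against.
    print(f"local ({ssl.OPENSSL_VERSION}): {classify(ssl.OPENSSL_VERSION)}")
```
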
We remain on alert against Heartbleed as well as other possible vulnerabilities, and are on top of things. We suggest you keep calm and stay tuned for news and updates on the threat.