For days now, you might have noticed a number of posts on your social media feeds about a certain "Heartbleed Bug."
We all ignored it as we picked our noses and nonchalantly declared, "Ano na naman ba yang bug-bug na yan? Mas matindi ba yan sa I Love You virus?"
A Google search reveals that the thing isn't a virus.
And further reading reveals that the Heartbleed Bug is, put in the simplest of terms, a vulnerability in the way you communicate securely with websites.
To illustrate, let's look at web mail. To gain access, you put in a username and a password, which the website then certifies. The process is made possible via an encryption protocol called "OpenSSL." But with the bug, there's apparently a tiny opening for your username and password credentials—or any other supposedly encrypted information—to leak or "bleed" out.
As tech website Mashable.com explains:
"The bug affects web servers running Apache and Nginx software, and it has the potential to expose private information users enter into websites, applications, web email, and even instant messages."
And that's the problem. Below, we tackle a few more points about this anomaly that the Internet is calling as one of the biggest security threats right now!
When was it discovered?
The Heartbleed Bug's discovery was made public last April 8, 2014, reportedly found by Google's security group, and a software security team called Codenomicon.
The problem was said to affect websites running "SSL encryption" such as Pinterest, USMagazine.com, NASA, and Creative Commons. The problem was said to have started two years ago, but was only detected recently.
We don't go to those sites anyway, should we still be concerned?
It's not just those websites. OpenSSL is said to run on 66 percent of the web. Unfortunately, part of that 66 percent are popular websites such as Facebook, Dropbox, WordPress, and Yahoo!. If you're using the Internet, chances are you're interacting with OpenSSL and making yourself vulnerable.