By now you’ve probably heard of Heartbleed, but exactly what is it and who does it affect?
For starters, the internet uses many different technologies to secure traffic. We’ve all see the padlock on ecommerce and banking sites or heard of https or SSL. These are all indicators that the transmission between your device and the server is encrypted. To do these there are various pieces of software used and Heartbleed relates to just one, OpenSSL which is commonly used on open source web servers.
The bug has gone unnoticed for more than two years and could potentially give hackers access to an unlimited array of secure data – everything from passwords and login details to credit card numbers and addresses.
Here at Postcode Anywhere we use Microsoft-based web servers which don’t use OpenSSL so it’s not really an issue for us but about 66% of websites do. Because OpenSSL is free, it tends to be used on the larger sites where licensing fees would otherwise be prohibitive. It’s been difficult to say exactly how many sites have been left vulnerable, the lower estimates are around half a million, with a large number of well-known companies such as Google, Facebook and Yahoo all affected.
OpenSSL is managed by four core European programmers, only one of whom counts it as his full-time job! It’s easy to take open-source software for granted, and to forget that the internet we use every day depends in part on the freely donated work of programmers.
What’s interesting though is that Heartbleed and most of the exploits that have attacked PCs over the years all exploit common problems with the older languages used to write software. These languages like C are very, very fast but also just like the wild west of coding. You can get a chunk of memory and hack around to your heart’s content. That memory may contain data or code so you can potentially execute something bad or gain access to data you shouldn’t (as with Heartbleed).
It does raise the question though, these days with hardware so fast and so cheap should we still be using software that is so fundamentally flawed? Software developers love C because it’s fast and simple. Consumers whose card details have been hijacked are probably less enamoured!
Have you experienced a problem with Heartbleed? Let us know below.