In April 2014, security researchers found a flaw in OpenSSL. OpenSSL is an open source toolkit used by many websites. SSL stands for Secure Socket Layer, and (ironically) was created to prevent hackers from finding users personal information. In short, OpenSSL is basically a “project that was started to encrypt websites and user information across the web” (Richardson, 2014). So this is used by many big websites to help users keep their information safe. Not only is it supposed to protect their information but it is also put in place to protect what they communicate through these websites and what they upload as well. Still, hackers found a way to get into this, and today this hack is known as Heartbleed. You may be familiar with this if you have Facebook, Google, Dropbox, or Yahoo, because most of these platforms sent out a mail to let their users know about this threat and also advised them to change their passwords so that they would not be affected. Heartbleed was a flaw in OpenSSL that allowed hackers to find encrypted information. This means that they can potentially have access to passwords, usernames, and even credit card information. After having found this flaw, OpenSSL published a new version of their software in order to make it more secure, but still, the damage had been done.
Heartbleed was a very good example of how open source can go very wrong. If the mistake had been made, but the software was not open to any and all people, then nothing would have happened. Big companies such as Facebook and Google should have more control over their encryption systems and should keep this much more private than they do now.
What do you think about this? Were you aware of Heartbleed and did you do something about it? What’s your opinion on OpenSSL?
References:
Richardson, D. (2014, April 19). Heartbleed bug: What is it? Who is handling our security?. Inferse. Retrieved from http://www.inferse.com/14435/heartbleed-bug-handling-security/
Russel, K. (2014, April 8). Here’s how to protect yourself from the massive security flaw that’s taken over the internet. Business Insider. Retrieved from http://www.businessinsider.com/heartbleed-bug-explainer-2014-4