The most dangerous security hole in the history of the internet, which reveal Heartbleed OpenSSL security vulnerabilities seized the attention of many observers of the world of cyber security.
However, the number of bug reports Heartbleed actually makes a lot of people are confused to understand what it Heartbleed. Here is a collection of myths circulating about Heartbleed wrong.
1 . Heartbleed is a virus
OpenSSL bug is not a virus , but a security hole . The loophole arises because of a typing error code in open-source encryption protocol used by many websites and servers .
OpenSSL function to help ensure inter - network communications are protected . With the open security holes , one can monitor personal communication or log events , and interesting data.
2 . Effects Heartbleed only affected the web site
Although only affected the site , Heartbleed could interfere with the work of web servers and routers are breached . This is because a lot of the amount of data that can be stolen .
However , web servers and routers are not the only potential targets Heartbleed this bug . Clients that communicate with the server , including smartphones , laptops , and other devices that connect online also at risk with what is called " Reverse Heartbleed , " where the data is stored in the memory device can also be stolen .
" Usually on the client side , the memory allocated to processes that are running alone , so that all processes can not be accessed , " said David Chartier , CEO of the Finnish internet security company , Codenomicon to ReadWrite ( 14/04/2014 ) .
" However , that does not mean the content of e - mails and other documents safe , they may still leak , " said Chartier .
3 . Hackers can use to mengonrol smartphones
Based on all current indications , a hacker can not take over control of smartphones , they can only retrieve data stored in the memory of the smartphone that has not been getting security patches .
iPhone and most Android devices so far remained immune to this bug Hearthbleed , with the exception of Android 4.1.1 . But Google has said it will soon release a security patch for the operating system .
BlackBerry has said that BBM app for Android and iOS are also affected by this bug Heartbleed , but the Canadian company said it was preparing fillings for a gap in the service of his messenger .
4 . Prone Heartbleed Windows XP is no longer supported because Microsoft
This myth wrong . Microsoft Windows XP support ends when the bug Heartbleed found . This of course makes panic . However , Microsoft insists its developer blog that the company from Redmond , the U.S. does not use OpenSSL .
Windows XP , and all versions of Windows , including Windows Phone , using encryption component developed by Microsoft itself , namely the Secure Channel ( or SChannel ) , so it is not affected by the bug in OpenSSL .
5 . All banks are vulnerable to Heartbleed
Banks and selling sites are popular not use open-source encryption protocol , so we can be sure their website is not directly affected . However , it does not mean the data is stored in a bank or selling the site remains safe , because forever these sites targeted by hackers .
6 . Frequently accessed site is not at risk / already have security patches , so I'm safe .
Not entirely , because Heartbleed leave no trace after hackers managed to retrieve the data . All data login and password information remains at risk . Because it immediately change the password so such websites issuing security patches .
7 . Heartbleed NSA utilizes a long time to spy on us
Circulated the news that said that the U.S. intelligence agencies , the NSA had known bug in OpenSSL , but chose to remain silent and to use it to conduct espionage .
However , the NSA denied it and said that it was not using the security hole , and a new claim to know the gap after it was announced . But if the NSA telling the truth or not , nobody knows , considering how the track record of the government agencies has been in hiding information .
However, the number of bug reports Heartbleed actually makes a lot of people are confused to understand what it Heartbleed. Here is a collection of myths circulating about Heartbleed wrong.
1 . Heartbleed is a virus
OpenSSL bug is not a virus , but a security hole . The loophole arises because of a typing error code in open-source encryption protocol used by many websites and servers .
OpenSSL function to help ensure inter - network communications are protected . With the open security holes , one can monitor personal communication or log events , and interesting data.
2 . Effects Heartbleed only affected the web site
Although only affected the site , Heartbleed could interfere with the work of web servers and routers are breached . This is because a lot of the amount of data that can be stolen .
However , web servers and routers are not the only potential targets Heartbleed this bug . Clients that communicate with the server , including smartphones , laptops , and other devices that connect online also at risk with what is called " Reverse Heartbleed , " where the data is stored in the memory device can also be stolen .
" Usually on the client side , the memory allocated to processes that are running alone , so that all processes can not be accessed , " said David Chartier , CEO of the Finnish internet security company , Codenomicon to ReadWrite ( 14/04/2014 ) .
" However , that does not mean the content of e - mails and other documents safe , they may still leak , " said Chartier .
3 . Hackers can use to mengonrol smartphones
Based on all current indications , a hacker can not take over control of smartphones , they can only retrieve data stored in the memory of the smartphone that has not been getting security patches .
iPhone and most Android devices so far remained immune to this bug Hearthbleed , with the exception of Android 4.1.1 . But Google has said it will soon release a security patch for the operating system .
BlackBerry has said that BBM app for Android and iOS are also affected by this bug Heartbleed , but the Canadian company said it was preparing fillings for a gap in the service of his messenger .
4 . Prone Heartbleed Windows XP is no longer supported because Microsoft
This myth wrong . Microsoft Windows XP support ends when the bug Heartbleed found . This of course makes panic . However , Microsoft insists its developer blog that the company from Redmond , the U.S. does not use OpenSSL .
Windows XP , and all versions of Windows , including Windows Phone , using encryption component developed by Microsoft itself , namely the Secure Channel ( or SChannel ) , so it is not affected by the bug in OpenSSL .
5 . All banks are vulnerable to Heartbleed
Banks and selling sites are popular not use open-source encryption protocol , so we can be sure their website is not directly affected . However , it does not mean the data is stored in a bank or selling the site remains safe , because forever these sites targeted by hackers .
6 . Frequently accessed site is not at risk / already have security patches , so I'm safe .
Not entirely , because Heartbleed leave no trace after hackers managed to retrieve the data . All data login and password information remains at risk . Because it immediately change the password so such websites issuing security patches .
7 . Heartbleed NSA utilizes a long time to spy on us
Circulated the news that said that the U.S. intelligence agencies , the NSA had known bug in OpenSSL , but chose to remain silent and to use it to conduct espionage .
However , the NSA denied it and said that it was not using the security hole , and a new claim to know the gap after it was announced . But if the NSA telling the truth or not , nobody knows , considering how the track record of the government agencies has been in hiding information .
No Comment to " 7 Myths about "Heartbleed" "