Lately, there has been a security exposure of CVE-2014-0160 was found out, it has a nickname Heartbleed. It is the type of vulnerability that grants the attacker to get the stored private data on servers that can run reliable versions of OpenSSL. Those sensitive data like passwords, username, and also the information on credit card (which can be at risk). This bug can give way to get the data straight from the server’s memory. However, the attacker will not know if the information they took will be good for them, and they can continue to make use of Heartbleed as often as they need which will give a chance to eventually gather the data they are really needed.
To understand what the OpenSSL really is, it is the open-source encryption technology broadly used throughout the web. The process of converting the information in a way that those authorized groups will be able to read through it, this is what it means of encryption.
Heartbleed was introduced to OpenSSL software back in March 2012, however, it was lately discovered by security companies. Still, it is unknown who developed CVE-2014-0160, before it was brought in public.
How can I protect myself from this threat?
Password Change. When these things happen, it is a good idea to change the passwords, and to do this you need to contact the website operator to check that Heartbleed bug is resolved, if not yet, then changing the password will be useless (for the attacker can breach again and take the new password).
When you are unsuccessful to contact the website operator, there is another way to tell if a site is dangerous. There are tools online, where you can get an information to know if a site is already infected by Hearbleed. There is also 100 top list of websites on CNET that can patched the Heartbleed bug.
Information protection. Remember that Heartbleed is not a malware (such as worm, Trojan horse, virus and so on), it is a security flaw, those anti-malware programs cannot protect your information. This capability depends on the operator of the Website.
Traces. You can’t even know when your information has been stolen from you for this won’t leave any trace of abnormal activities.
Banking information. The majority of the banks doesn’t use OpenSSL, they have their own propriety encryption software. So, if you are into online banking, changing your password and contact the bank to confirm for the security of the site would be a good idea. You also need to take time to check regularly your financial statement for anomalous charges. Online banking can be a good step, but you always need to check the security.