Imaged by a red heart, this is what we have nicknamed the ‘Heartbleed’ bug. The web community is facing a virtual, but very real, threat. Is your confidential information compromised? What is this threat? Have I been affected or defrauded? Should I take action to protect myself? At a time when e-commerce seems to be taking off, should this situation question everything?
For the majority of web users, it is difficult to understand what the Heartbleed bug is. It is important to understand that this is not a virus, but rather a complex fault in a security system designed to encrypt the information submitted on a web site. As explained in this article from Radio-Canada , the loophole is as serious as it is sneaky. The magnitude was such that users, companies or institutions, were able, unbeknownst to them, to steal information. The fault (in existence for 2 years now!), has had plenty of time to be discovered and exploited by malicious people. The sneaky side of this bug comes from the fact that no trace could be saved during attempts of data substitution, making it virtually impossible to know if there is interception, and what information has been intercepted.
The recent announcement by the Canada Revenue Agency and a few other large internet sites worldwide, that they have had confidential information stolen about their users, suggests that these events took place shortly after the announcement of this bug. The lack of swift action from the CRA to correct the loophole allowed some individuals to use Heartbleed to steal information.
Fortunately, although the loophole has potentially made available a ton of confidential information, a few lines of code are enough to correct the problem. A simple error of negligence in the drafting of the program can be resolved very easily. An update of the server program will correct the fault. Once the server is updated, a password change will be necessary in order to ensure that all stolen information would not be used inappropriately. An update by Google enables you to check which services are affected, and when it is recommended to change your passwords. (here)
Computer programmers say that similar bugs occur every day. They do not prevent the proper operation of systems, but also, do not provide the integrity of their duty. We therefore find, again, that the web is still in its infancy. Certainly, it will stumble again before reaching a greater degree of maturity.
Sources : https://ici.radio-canada.ca/nouvelles/societe/2014/04/11/007-heartbleed-definition-changer-mot-passe-questions.shtml https://branchez-vous.com/2014/04/14/pour-mieux-comprendre-heartbleed/ https://www.lemouv.fr/diffusion-heartbleed-la-faille-de-securite-bien-marketee
