The Heartbleed Bug is a serious vulnerability in the popular Open SSL cryptographic library. It allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the Open SSL software . The Heartbleed Bug is a software bug in the Open Source Open SSL Protocol that has been around for at least two years. This flaw was first announced to the public at large on Monday April 7, 2014. The Heartbleed Bug is not malware, it is not a virus and it is not something that one can catch by visiting corrupted websites, etc. Furthermore it is not detectable and therefore "anti-virus software" provides no protection. It is estimated that roughly two third of all secure websites around the world use the OpenSSL protocol, and therefore are at risk. These include Google, Facebook, Yahoo, Bing, Pinterest, NetFlix, Instagram, Vimeo, GoDaddy, USPS, Flickr, YouTube, SoundCloud, Twitter, Dropbox etc. The Heartbleed bug has been describes as one of the bigger security threats the Internet has ever seen to date . The Heartbleed bug is a flaw found in the OpenSSL protocol and OpenSSL is the core cryptographic library used by most servers on the internet . Heartbleed bug was a result of lack of input validation as there was no bounds check that was carried out in the TLS heartbeat extension. The name Heartbleed came about from this flaw found in the heartbeat extension. This flaw could result in an attacker accessing up to 64KB every heartbeat .
Systems Attacked by the Heartbleed Bug.
The Heartbleed Bug has affected most popular websites and services such as Gmail, Yahoo, Facebook etc. Sensitive account information such as passwords and credit card numbers have been exposed. It enabled the attackers to access sensitive data, including the server's private key.