(CNN) -- The world has been shaken by researchers' disclosure of a serious vulnerability in the most important network security software, which keeps your email, banking, shopping, passwords, and communications confidential. The security flaw is dubbed Heartbleed.
What is the vulnerability?
- Cloudflare Director Matthew Prince said, "It is possible that we are facing the most dangerous and unprecedented vulnerability."
- The vulnerability is related to the encryption of data exchanged on the Internet and causes the leakage of encryption keys and private communications between users and most of the sites and services on the network. It mainly concerns OpenSSL, the widely used open source software for encrypting data transmitted on the Internet.
- OpenSSL is an open source technology that includes the well-known TLS and SSL encryption tools. The first stands for Transport Layer Security, a protocol that uses powerful encryption algorithms and is an upgraded version of SSL (Secure Sockets Layer), the protocol that encrypts data exchanged on the network.
When you visit a site whose address begins with https and a lock icon appears at the bottom of the screen, the data exchanged between your computer and the site's server is encrypted to protect the information. If you see that image by the address, there is a great chance that the site uses the encryption system affected by the dreaded vulnerability.
How does it work?
- For two years, the vulnerability allowed outsiders to access personal information that was supposed to be safe and confidential.
- This means that there is a design flaw in OpenSSL. To make sure that a server is still working, a signal known to experts as a ping is sent, and the sender waits for a response that experts call a pong. A server exposed to the Heartbleed vulnerability, however, sends back all the data stored in its memory, as well as the encryption keys used by the site.
- The vulnerability also keeps you inside the site, allowing a stranger to act as if they were you without needing to know your password. It also allows attackers to pretend to be a real site and lead you to reveal your password.
- The most dangerous thing is that the vulnerability leaves no trace, so you never know when or how you were hacked.
The area of impact of the vulnerability:
- More than two-thirds of web servers use OpenSSL encryption technology. The flaw specifically affects a version developed in 2011. Studies have also shown that 81 percent of websites use server programs such as Apache and Nginx, both of which can be affected by the vulnerability.
- Many popular websites such as Google, Yahoo and Amazon use the affected encryption methods. These sites have updated themselves and fixed the vulnerability, but many sites still have not done so. Facebook, Pinterest and Instagram are also among the sites that use the encryption system concerned.
What can be done:
- Log out of all websites that use passwords, such as e-mail, social networking sites, and banking systems. But that is not enough, as many sites are still working to fix the vulnerability, which means that if you change a password on a site that has not yet fixed the problem, the new password is still exposed to the vulnerability. According to the Italian network security expert Filippo Valsorda, "It could take years to fix all the sites."