Apakah itu heartbleed..heartbleed bukanlah hati berdarah. Ok baca penerangandibawah (english version)
What is Heartbleed?
Heartbleed is the name given to the vulnerability disclosed by the National Institute of Standards and Technology (NIST) under CVE-2014-0160 and was first revealed publicly on Monday April 7th. Basically it’s a flaw in an open-source software product called OpenSSL, which ironically is supposed to secure web traffic through encryption. The vulnerability can be used to expose passwords, emails, and also get private encryption keys from secure websites. With these private keys hackers can essentially direct traffic to fake web sites with the purpose of stealing information entered there.
How bad is it really?
Many security experts are labeling Heartbleed as the biggest threat to hit the Internet with half a million or more websites being affected. Imagine, you think you are going to your banking site when in reality you have unknowingly entered your username and password at a site owned by hackers. Or you’re shopping online and not only does your product never arrive, your credit card information is now in the hands of bad guys. The effects can be devastating.
Does this affect web sites I visit?
A large number of major Internet companies have been affected, but the full impact is yet to be established. A list of the major sites and their current status can be found at this CNET site.
Should I change all my web passwords?
The short answer is yes. But you will want to verify that the website is not affected, or has fixed the vulnerability first. Otherwise you are potentially compromising your new password as well. For the major sites you can verify by checking CNET. The password security firm LastPass has set up a Heartbleed Checker, which lets you enter the URL of any website to check for the vulnerability. You can also contact the company of the website in question directly.
Thank you and jumpa lagi.. :)