eScan, one of the leading Anti-Virus and Content Security Solution providers has launched an online tool to identify the latest vulnerability, Heartbleed bug which has been creating chaos in the cyber security landscape. This tool introduced by eScan can be used by IT users to check whether the website they are browsing is affected with the Heartbleed bug or not and can be accessed at www.escanav.com
A major new security vulnerability dubbed Heartbleed bug was disclosed on April 7, 2014 with severe implications for the functioning of the entire web. The bug can scrape a server’s memory, where sensitive user data is stored, including private data such as usernames, passwords, and has been in existence on the Internet for the past two years. It allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data.
Since a majority of websites are vulnerable to the Heartbleed bug, changing a password will not help much; as the website would have to update their OpenSSL software first in order to mitigate the threat. Simply type the website address that you wish to browse into the box displayed in the tool, and it will let you know whether it is safe. Although, websites such as Facebook, Gmail, Amazon, Yahoo!, Twitter and others are not vulnerable, however numerous other websites/servers are still vulnerable to this.
The Heartbleed bug, basically takes advantage of OpenSSL encryption software, which is in standard use by many websites and while browsing an SSL site, the secured site is designated by the small padlock symbol, however not all webservers have deployed OpenSSL. A new protocol was introduced to the TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation. When messaging back and forth on a secure connection, sometimes computer wants to check the other computer’s availability. This cross checking is done by sending a small packet of data, called ‘heartbeat’. The Heartbleed bug flaw allows hackers to use a fake packet of data, which tricks the computer into responding with arbitrary data stored in the memory by OpenSSL. The attacks using this flaw are undetectable by current standards and the bug existed under the radar for about two years.
eScan’s range of security solutions have been standing out due to the rapid and continuous improvements in the level of protection offered by the product for many years. eScan ensures 100% security of PC against zero-day malware attacks, web and email threats, downloading/installing the rouge software and surfing malware infected websites.
Mr. Govind Rammurthy, MD and CEO, eScan said, “Users are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet. Hackers are using smart social engineering tricks more and more often on popular social sites, company’s site and commercial sites. Hence, our newly launched online tool makes it easy for IT users to enjoy safe internet browsing and have a secured computing experience.”