Sites that patched OpenSSL are issuing new security certificates, overworking browsers

Apr 16, 2014 16:39 GMT  ·  By

The Heartbleed saga has just begun, and the problems may not yet be over even if most of the big sites have already gone through the necessary steps to patch up the security bug.

Despite this, there’s bad news on the horizon: the entire mobilization to protect users from data breaches may lead to slow web performance.

According to Johannes Ullrich from the SANS Internet Storm Center, web browsers may be overloaded by the moves performed by sites and the changes in security certificates. This can lead to error messages, which can ultimately impact web performance, AFP reports.

The aforementioned security certificates are obtained by web operators after the patch is installed, and they demonstrate to web browsers that the sites can be trusted. In turn, the web browser must update its list of certificates that can and cannot be trusted, or the certificates are rejected.

It’s not unusual for browsers to update dozens of keys each day, but due to Heartbleed, the number has skyrocketed into the tens of thousands.

This leads to a significant slowdown of the browsing process, which you may have noticed already with sites that take a long time to load or don’t load at all, giving an error.

This could, indeed, get frustrating, but you shouldn’t make the mistake of disabling these browser lists because a hacker could use this to get in, putting everyone in a difficult situation.

Last week, Google, along with security firm Cloudflare, revealed Heartbleed, the biggest security bug in recent years. Heartbleed affects OpenSSL by creating a way for hackers to snatch packets of data from servers. This creates the possibility of hackers stealing passwords, personal data and encryption keys which are normally used to protect entire sites and servers.

The bug is extremely widespread, affecting a range of OpenSSL versions released over the past two years. These versions were used by about two thirds of the world’s secure websites, including those owned by companies such as Google, Yahoo and Facebook.

Furthermore, government sites were also affected, including some belonging to the Canadian authorities. In fact, last Friday, some 900 social insurance numbers were stolen in a breach that used the Heartbleed backdoor.

Mobile apps aren’t safe either, so users should be careful about the ones they install on their phones so that their details don’t get hacked.

Perhaps the worst part about Heartbleed is that attacks exploiting it don’t leave any traces behind, making it impossible to know how many attacks have taken place or how much data was stolen.