Rahul Thadani

3 Important Things You Should Know About Heartbleed

April 14, 2014

Password leaks and targeted attacks are nothing new, and the latest security bug linked to a massive loss of passwords across the world is ‘Heartbleed’. This bug has received a lot of media coverage over the last few days, and there is a lot of confusion about what it is and what one needs to do to fix the issue.

This blog post aims to help you better understand what Heartbleed really is and what you need to do in order to secure your presence online. Heartbleed has affected about 17% (close to 500,000) of the web servers across the world, so there is a high chance that you are affected by this too. With that in mind, here’s what you need to know now.

Fact # 1: What exactly is Heartbleed?

Heartbleed is a security bug that affects servers that use OpenSSL, a widely used implementation of SSL (Secure Sockets Layer) technology. When you log in to your email account or make a financial transaction online, the server that hosts this activity is protected by SSL, which is indicated by the padlock symbol near the address bar and the unmistakable “HTTPS” prefix of the URL itself.

Heartbleed is a bug that afflicts this very protective measure and exposes information that SSL attempts to protect. This means that sensitive information like passwords, credit/debit card details and more is susceptible to this bug and can be stolen.

It also means that there is nothing wrong with your PC or your antivirus software. This is an issue that needs to be dealt with by the people who run the websites that make use of SSL. Moreover, if you are surfing the Internet you will not be able to tell if a service you are using is affected by Heartbleed or not.
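
Why the fix sits with the server operator, shown as an added example (not part of the original post and not OpenSSL's code): Heartbleed is a missing length check in the handling of TLS heartbeat messages, so a reply could echo back memory that lay next to the request. The simplified C model below uses a constructed 64-byte arena, a constructed secret and hypothetical function names to contrast the unchecked behaviour with the bounds check that the fix added.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_PADDING 16   /* minimum padding in a heartbeat message (RFC 6520) */
#define ARENA      64   /* constructed stand-in for server process memory */
static const char SECRET[] = "password=EXAMPLE-ONLY";   /* constructed */

/* Lay out one received heartbeat record at the start of the arena, with
 * unrelated data (SECRET) directly behind it. Returns the record length. */
static size_t build_arena(uint8_t *mem, uint16_t claimed, int padded)
{
    size_t n = 0;
    memset(mem, 0, ARENA);
    mem[n++] = HB_REQUEST;
    mem[n++] = (uint8_t)(claimed >> 8);     /* 16-bit payload length field */
    mem[n++] = (uint8_t)(claimed & 0xff);
    memcpy(mem + n, "ping", 4);             /* the payload actually sent */
    n += 4;
    if (padded)
        n += HB_PADDING;                    /* zero bytes from the memset */
    memcpy(mem + n, SECRET, strlen(SECRET));
    return n;
}

/* Pre-fix behaviour: echoes as many bytes as the length field claims. */
static size_t reply_unchecked(const uint8_t *mem, uint8_t *out)
{
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (mem[0] != HB_REQUEST)
        return 0;
    if (claimed > ARENA - 3)
        claimed = ARENA - 3;                /* keeps this model in bounds */
    memcpy(out, mem + 3, claimed);
    return claimed;
}

/* Fixed behaviour: discard unless type + length + payload + padding fit
 * inside the record that was really received. */
static size_t reply_checked(const uint8_t *mem, size_t rec_len, uint8_t *out)
{
    size_t claimed;
    if (rec_len < 1 + 2 + HB_PADDING || mem[0] != HB_REQUEST)
        return 0;
    claimed = ((size_t)mem[1] << 8) | mem[2];
    if (1 + 2 + claimed + HB_PADDING > rec_len)
        return 0;
    memcpy(out, mem + 3, claimed);
    return claimed;
}

static int contains(const uint8_t *buf, size_t n, const char *needle)
{
    size_t i, k = strlen(needle);
    for (i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0)
            return 1;
    return 0;
}

/* Runs one case; returns reply length and sets *leaked if SECRET is in it. */
size_t run_case(int checked, uint16_t claimed, int padded, int *leaked)
{
    uint8_t mem[ARENA], out[ARENA];
    size_t rec_len = build_arena(mem, claimed, padded);
    size_t n = checked ? reply_checked(mem, rec_len, out)
                       : reply_unchecked(mem, out);
    *leaked = contains(out, n, SECRET);
    return n;
}

int main(void)
{
    int leaked;
    size_t n = run_case(0, 40, 0, &leaked);
    printf("unchecked, length field 40: %zu bytes echoed, leaked=%d\n", n, leaked);
    n = run_case(1, 40, 0, &leaked);
    printf("checked,   length field 40: %zu bytes echoed, leaked=%d\n", n, leaked);
    n = run_case(1, 4, 1, &leaked);
    printf("checked,   length field 4:  %zu bytes echoed, leaked=%d\n", n, leaked);
    return 0;
}
```

Nothing on the visitor's PC takes part in this exchange, which is why only an updated server closes the hole.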

Fact # 2: Which websites and online services are affected?

While most of the sites that have been affected have taken corrective steps already, there are bound to be many more which are still working on it. If you use some of the following services then there is a high chance that your password and details may have been leaked.

Facebook

Gmail

Amazon

SoundCloud

Instagram

Yahoo Mail

Flickr

YouTube

Pinterest

Google

Minecraft

Wikipedia

Tumblr

GoDaddy

Netflix

Dropbox

As you can see, the list is huge. There are several more services that have been affected, so the potential damage here is substantial.

This online tool can also help you ascertain whether a particular URL is afflicted or not. If you carry out online banking transactions, then we highly recommend that you change your account passwords. Also, check this tool to see if your bank’s online portal is affected by Heartbleed or not.

Fact # 3: What do you need to do?

While there is nothing specific that you can do to combat Heartbleed, one major precaution you should take is to change ALL your online passwords right away. This will ensure that if any of the services you use have been afflicted by Heartbleed, then at least your passwords will be safe. Apart from this, stay alert about any unusual activity on your accounts. If you feel something is out of the ordinary, take the necessary corrective steps as soon as possible. Moreover, spread the word about Heartbleed and inform your friends and family members as well.

WARNING: Be on the lookout for fake password reset emails

With so many password changes happening simultaneously all over the world, there are bound to be several phishing emails about password resets. Be on the lookout for such emails and stay away from fake emails that ask you to change your passwords. Read here for some tips on how to recognize fake phishing emails.

Quick Heal will keep you updated about any further developments and news regarding Heartbleed, so keep checking back for more information.

Have something to add to this story? Share it in the comments.

About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...

144 Comments

  1. nice…

    Reply
  2. SPS Bindra (April 15, 2014 at 6:35 PM)

    Dear sir,

    Thanks for giving precious information about changing passwords. Please advise whether banking account passwords are to be changed or all the passwords including passwords for email accounts are to be changed.

    Reply
    • Hi SPS Bindra,

      It is advisable to change all the passwords – email accounts and banking accounts. It is not yet known if banking accounts are affected, so it is better to change them so as to be safe.

      Thanks and regards.

      Reply
      • Can the password be hacked during changing them as well??
        If yes, what process should be followed while changing them??

        Reply
      • Vinay Joshi (April 21, 2014 at 5:19 AM)

        Dear Mr. Rahul Thadani,

        It’s not advisable to change all your p/words in one setting!
        Crucial first, others say in 10/15 days.

        I change my banking p/word et al; in one setting, what guarantee
        that my bank’s server is not infected? In the event my machine is
        infected how do I know? Quick Heal will highlight it? Delete/repair!
        What next?

        How many servers including twenty odd mentioned by you – by name – have informed its users of the re-issuance of site certificate for their upgraded servers? That it has right version of Open SSL/TLS!

        The bug has been around for last two years or so. Neel Mehta, Google security researcher & Codenomicon, Finnish security firm, discovered it on Monday April 8. Is a coincidence that since April 8, Windows XP patches will not be available & all are required to upgrade to Windows 8 & I’m expecting in about a year’s time Windows 9.0 will debut thereby Win8 will be redundant.

        A wide array of distributions uses the cryptographic library, 66% of the world’s servers. There are online site checkers but not 100% accurate.

        The bug – Heartbleed – CVE 2014-0160- [common vulnerabilities & exposures] can potentially leak 64 kbs of memory – single heartbeat. The attackers use from any server OpenSSL version 1.0.1, 1.0.1f, 1.02.beta, 1.0.2beta2, can read through the memory of the machine on the internet protected by the vulnerable software.

        Regards,

        Reply
        • Hi Vinay,

          Thanks for your valuable insights and points. It is a coincidence that Heartbleed and Windows XP EOL came about at approximately the same time. But then again, nobody can say that for sure. However, with such a bug it is better to go through the trouble of changing passwords every once in a while, rather than risk keeping them the same and having them exposed to malicious parties.

          Your points about Windows platforms are true as well. Nonetheless, this is something all users and software manufacturers have to live with. Do write back with further feedback if you have any.

          Thanks and regards.

          Reply
  3. Swapnil Wani (April 15, 2014 at 7:50 PM)

    Thanks…
    Very important and helpful information.

    Reply
  4. Lt Col Sandeep Singh Bajwa (April 15, 2014 at 7:51 PM)

    This is really very practical and real time warning which your esteemed institution has given its users. Will surely help. Another issue is that the financial institutions in consultation with ITES providing Anti-Virus solutions have mandatory obligation to protect their customers and clients.
    Thanks & Regards,
    Lt Col Sandeep Singh Bajwa.

    Reply
  5. PBBHIMJIANI (April 15, 2014 at 8:23 PM)

    Very rightly guided by you. Thanks. In future always guide like this.

    Reply
  6. PBBHIMJIANI (April 15, 2014 at 8:24 PM)

    Very rightly guided by you. Thanks. In future always guide like this

    Reply
  7. Venkida Krishnan (April 15, 2014 at 8:38 PM)

    super

    Reply
  8. Asish Bishoi (April 15, 2014 at 10:53 PM)

    Thank you Quick Heal for such an important piece of Information. I hope you guys will always try to keep us safe. I am earnestly looking forward to a newer updated article.

    Reply
  9. thanks! I’ll change my passwords right away.

    Reply
  10. ramprasad bangaru (April 16, 2014 at 6:48 AM)

    The information was really helpful. Keep me updated.

    Reply
  11. KhargeswarRabha (April 16, 2014 at 7:24 AM)

    It’s very useful

    Reply
  12. Subrat Pradhan (April 16, 2014 at 10:43 AM)

    Thanks a lot for getting us updated.

    Reply
  13. Harshal Pande (April 16, 2014 at 11:15 AM)

    Thank You For posting this information.
    It’s very useful for us.

    Reply
  14. thanks sir

    Reply
  15. Thanks for information

    Reply
  16. Thank you for precious information.

    Reply
  17. Ashish Rane (April 16, 2014 at 12:12 PM)

    Thanks for the info.

    Reply
  18. Is mobile browsing at the same risk level as Laptop/PC browsing?

    Reply
    • Hi NV,

      Yes, mobile browsing carries the same risks as laptop/PC browsing. Heartbleed is a bug with regards to the SSL security that websites use. So irrespective of where you access the site from, the risks are the same.

      Hope that helps.

      Reply
      • I have found some “heartbleed” folder in my windows 7 and deleted that. I have not marked exact location though. I am not confirmed that it was vulnerable or good. I have just deleted that folder. Please check your system folders carefully.

        Reply
  19. Thank you for this precious information

    Reply
  20. HANSRAJ SINGH SHAKTAWAT PEETH- DUNGARPUR (April 16, 2014 at 4:12 PM)

    its really helpful attention…..thanks a lot…

    Reply
  21. Thanks for the useful information.

    Reply
  22. Virendra Kumar Kalia (April 16, 2014 at 7:22 PM)

    Thanks for the timely useful info, will change the passwords asap.

    Reply
  23. Is it safe with Quickheal ? Does Quickheal support the safety of my PC from this virus?

    Reply
    • Hi,

      As mentioned, Heartbleed cannot be controlled from your PC’s side. The host server needs to ensure that their data is secure by plugging this security bug.

      Thanks.

      Reply
  24. Thank You For This Precious Information.

    Reply
  25. thanks

    Reply
  26. Hasmukhrai Desai (April 16, 2014 at 10:00 PM)

    Suppose we change our bank a/c password, is not possible that the new pass word also gets theft? Then what is safety?

    Reply
    • Hi Hasmukhrai,

      There is no ideal frequency for changing passwords. It all depends on how many different devices you access your accounts from and what their security levels are like. Online banking account passwords usually need a change once in 6 months, but for other accounts it is quite safe to continue using the same password, as long as it is a good one.

      Thanks.

      Reply
      • sir please tell,how we can be safe by changing our password because it chance again may be leaked…….and to change password always its impossible….so give proper measure to overcome this problem……

        Reply
        • Hi Amit,

          Unfortunately, when such leaks happen, it becomes necessary to change passwords. So all we can do as users of such services, is to change passwords when these leaks occur.

          Regards.

          Reply
  27. Ram kishan sharma (April 16, 2014 at 10:03 PM)

    Thanks Quick Heal for this information.

    Reply
  28. Rev Dr Rahul Uthwal (April 16, 2014 at 11:09 PM)

    Thanks

    Reply
  29. ravi sharma (April 17, 2014 at 6:39 AM)

    Congratulation quick heal, really you have given a very very useful information. Thanks for your support.

    Reply
  30. Dr Manoj Tamboli (April 17, 2014 at 7:32 AM)

    Thanks a lot for this important information.

    Reply
  31. thanks a lot

    Reply
  32. Eruch Kateli (April 17, 2014 at 11:32 AM)

    Thanks
    People use their intelligence wrong way
    Wish this intelligent people use their knowledge in a better way
    God guide them on right track

    Reply
  33. Ravindra Madhav Deshpande (April 17, 2014 at 12:29 PM)

    thanks, keep informing me about the latest news on this topic

    Reply
  34. Ravindra Madhav Deshpande (April 17, 2014 at 12:48 PM)

    please tell me the frequency for changing the password/s because it is really difficult to memorise every changed password. my netbanker has stipulated changing password every six months (SBI NET, protected with VERYSIGN). also keep advising about the latest info. thanks.

    Reply
    • Hi Ravindra,

      There is no ideal frequency for changing passwords. It all depends on how many different devices you access your accounts from and what their security levels are like. Online banking account passwords usually need a change once in 6 months, but for other accounts it is quite safe to continue using the same password, as long as it is a good one.

      Thanks.

      Reply
  35. Anup Devnikar (April 17, 2014 at 1:33 PM)

    If I change the password now while the site is still affected, is it not possible that the bug would steal the new password too?

    Reply
    • Hi Anup,

      Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.

      Thanks.

      Reply
  36. Grateful to the QHT that had given this vital information and thanks to their R&D team who taken pain to diagnose this virus…….with regards

    Reply
  37. hi,

    pl guide abt the online tool …u have given link to, in your article….

    It shows some other website..

    regards

    Reply
  38. Harshit Saxena (April 17, 2014 at 2:54 PM)

    Thank You For Your Precious Advice. Is There Any Software Which Can Protect Our PCs Against Heartbleed?

    Reply
    • Hi Harshit,

      There is no need for a software to protect your PC from Heartbleed. This is a security loophole in the host server so it is out of your PC’s domain.

      Thanks.

      Reply
  39. subrat ku.behera (April 17, 2014 at 3:25 PM)

    good

    Reply
  40. gurpreet singh (April 17, 2014 at 3:32 PM)

    very good useful information

    Reply
  41. ashok mehta (April 17, 2014 at 3:35 PM)

    Hats off for such a superb information. Keep it up!!!

    Reply
  42. thanks

    Reply
  43. Sachin Latiyan (April 17, 2014 at 5:26 PM)

    sir
    I m using Xperia C, it refuses to respond and screen goes black, ring comes and I m able to receive call only with idea what may b the reason.
    Thanks

    Reply
  44. SUKOMAL DHAR (April 17, 2014 at 6:30 PM)

    Is it necessary to change the 3D security number of credit card ?

    Reply
    • Hi Sukomal,

      Can you please elaborate on the question? Are you talking about the 3-digit security PIN at the back of the credit card? This number cannot be changed as it is unique for your credit card number. Moreover, it does not need to be changed as well.

      Thanks.

      Reply
  45. Dear Rahul,
    How do we know which website has been inflicted by Heartbleed?

    Best
    Anupam

    Reply
  46. Hari Parsad (April 17, 2014 at 11:11 PM)

    good awareness/knowledge

    but can you tell me all these host’s Database are 100% Infected or not and how can this bug work :-

    Facebook,Gmail,Amazon,SoundCloud,Instagram,Yahoo Mail,Flickr,YouTube,Pinterest,Google,Minecraft,Wikipedia,Tumblr,GoDaddy,Netflix,Dropbox

    Reply
    • Dear Hari Prasad,

      Most of these hosts would have resolved the issue of Heartbleed by now, as their market value and credibility depends on that. This bug opens up the servers of these hosts and potentially exposes passwords that are stored on them.

      Regards.

      Reply
  47. Dr Bipin Prajapati (April 17, 2014 at 11:28 PM)

    If the services are affected we are not able to detect the bug. In such situation, how much is it safe to reset the passwords of affected services ?

    Reply
    • Hi Dr. Bipin,

      Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.

      Thanks.

      Reply
  48. is there any app to protect from Heartbleed for my phone

    Reply
  49. how safe is the online tool..if it is not from quickheal.
    wont we be leading them to sites which are missing from the hackers files and yet to be infected.
    al

    Reply
  50. lakshmi kanth.m.b (April 18, 2014 at 9:41 AM)

    Thanku for information

    Reply
  51. lakshmi kanth.m.b (April 18, 2014 at 9:42 AM)

    thnku

    Reply
  52. lakshmi kanth.m.b (April 18, 2014 at 9:42 AM)

    thnks

    Reply
  53. thanks

    Reply
  54. A very timely and effective information. Thanks.

    Reply
  55. Sir, whose password should I change?

    Reply
  56. Shritama Sengupta (April 18, 2014 at 8:35 PM)

    There is a problem with my friend’s laptop. Whenever she tries to use g-mail, google, youtube or any other google related websites, it shows this error
    “CANNOT CONNECT TO THE ACTUAL G-MAIL WEBSITE. SOMETHING SEEMS TO INTERRUPT YOUR CONNECTION WITH G-MAIL. SO THIS RESTRAIN HAS BEEN PUT DOWN FOR SECURITY REASONS. PLEASE TRY REFREASHING PAGE AND TRY AFTER FEW MINUTES.” And “SSL Error” is written on her tab. she is facing the problem since 15 days or so .
    Even her facebook page is not the usual one that we use, it is the crude one (seems her facebook is also affected).Please guide some solution to this.

    Reply
    • Hi Shritama,

      It seems this PC needs to be scanned with a proper software to look for any malware or dangerous applications. We would recommend that your friend installs a trial version of Quick Heal via this link – http://www.quickheal.co.in/download-free-antivirus. Once that is done, running a full scan would help. Moreover, she can then call our support center and speak to our technical experts who could solve this issue.

      Hope that helps.

      Thanks and regards.

      Reply
  57. abdulraheman khan (April 18, 2014 at 11:16 PM)

    Thanks

    Reply
  58. KhargeswarRabha (April 19, 2014 at 6:55 AM)

    Very nice n useful to every one

    Reply
  59. KhargeswarRabha (April 19, 2014 at 6:57 AM)

    Very important to every one

    Reply
  60. KhargeswarRabha (April 19, 2014 at 6:58 AM)

    Nice one

    Reply
  61. KhargeswarRabha (April 19, 2014 at 7:00 AM)

    Useful to every one

    Reply
  62. KhargeswarRabha (April 19, 2014 at 7:01 AM)

    Amazing one

    Reply
  63. KhargeswarRabha (April 19, 2014 at 7:02 AM)

    Important one

    Reply
  64. KhargeswarRabha (April 19, 2014 at 7:03 AM)

    Very useful

    Reply
  65. Do you have any idea about Origin of The Bug?

    Reply
    • Hi Prasoon,

      A team of researchers working on OpenSSL actually created this bug due to a mistake in their coding structure. We believe this team operated out of Germany at the time.

      Reply
  66. this program not update…..

    Reply
  67. SUKUMAR MOHANTY (April 19, 2014 at 9:56 AM)

    Very useful.

    Reply
  68. Thanks for the security update, however I have a query kindly correct if wrong. As updated to change all the passwords, however how often to change those? because aren’t the changed passwords vulnerable to Heartbleed attacks.

    Reply
    • Hi Amit,

      Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.

      Thanks.

      Reply
  69. fine…thax

    Reply
  70. It is sad to see that most Indian banks do not allow their clients to include ‘special characters’ in the password field. Such a password is tougher to crack. Apart from that, they only permit a maximum of eight characters for passwords.

    Reply
  71. Sabyasachi Mishra (April 19, 2014 at 1:37 PM)

    Kudos to Mr Rahul Thadani and the Quickheal group for the timely update and competent guidance. Surprisingly Quickheal has not been the antivirus software of choice of majority of corporates for their servers. How I wish they would be updated in time. Thanks again.

    Reply
  72. Thnks for the information

    Using QH since 2 years

    Fantastic Experience
    Thanks

    Reply
  73. Dear sir, Changing of Password related towards financial transaction or all to be changed from heartbleed ? plz advise me
    regards
    bhaskar

    Reply
  74. Bhalchandra (April 19, 2014 at 6:17 PM)

    Is my PC affected? How to identify?

    Reply
  75. Anant Thakurdesai (April 19, 2014 at 8:15 PM)

    Thanks. You have provided very useful information.

    Reply
  76. vikas bisoi (April 19, 2014 at 11:13 PM)

    After installing Quick heal..screwed up my laptop…getting restarted frequently while working…sm driver error with a blue screen.

    Wish I had trusted on win 8.1 defender..

    Reply
    • Hi Vikas,

      We deeply apologize if Quick Heal has caused some issue on your laptop. However, since it works smoothly on almost all laptops, we request you to give us another chance. If you can call our support center on 0-927-22-33-000 or submit a ticket on this link – http://www.quickheal.com/submitticket.asp, we will resolve your issue immediately.

      Thanks and regards.

      Reply
  77. M.K.Thakur (April 20, 2014 at 4:13 AM)

    Thanks for guidance and hope we will be promptly informed with your priceless effort. Thanks.

    Reply
  78. chandni singhal (April 20, 2014 at 9:43 AM)

    nice tip

    Reply
  79. Very useful information. No more confusion about Heartbleed.
    Thank you very much.

    Reply
  80. it’s very nice. i liked it. Useful for everyone. thank you for information.

    Reply
  81. Mantu Jumar (April 20, 2014 at 6:27 PM)

    Thanks for giving this type of info……….

    Reply
  82. Mantu Kumar Sharma (April 20, 2014 at 6:29 PM)

    Nice……….

    Reply
  83. Will the Bug affect while passwords are being changed?

    Reply
    • Hi,

      Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.

      Thanks.

      Reply
  84. Sir,
    On my PC the date and time changes automatically again and again, i doubt if it this related to Heartbleed,or if not please tell me why?
    With regards
    Sri

    Reply
    • Hi Sri,

      How old is your PC? When a machine has been used for a long time, the CMOS battery needs replacement as it keeps resetting the date and time. This could be one possible cause here. Can you let us know further details?

      Thanks.

      Reply
    • Well Sir, it was bought in 2010 and yes sir I use it quite frequently, so what should I do about “CMOS battery”, I mean how can I replace it? And sir I can’t quite understand what do you mean by further details please can you list them I mean is it like the company name or anything?
      Thankyou for answering!
      Sri

      Reply
      • Hi Sri,

        Well you would need to visit a computer repair store and ask them to check the CMOS battery. They would be able to do so and provide a replacement. Alternatively, Sri, we recommend that you call our support center on 0-927-22-33-000. They will be able to assist you with this issue.

        Wish you the best.

        Thanks and regards.

        Reply
  85. NITIN VERMA (April 20, 2014 at 9:32 PM)

    we also need to change ATM card pin ?

    Reply
  86. Hi Rahul.

    Appreciate the Quickheal advisory on this important issue. I feel happy that our company has trusted Quickheal year after year to provide the best possible anti virus protection.

    Reply
  87. Isn’t there a risk while changing the password?
    The changed password can also be hacked by heartbleed right?

    Reply
    • Hi Mayur,

      Ever since Heartbleed has been exposed in the public domain, all the major sites have been working to rectify the issue. With the amount of time that has now passed, it is safe to assume that most sites would have fixed this. If not, it would severely hurt their consumer base and their credibility. So, you can safely change your passwords now.

      Thanks and regards.

      Reply
  88. piyush jain (April 21, 2014 at 9:56 AM)

    Excellent. And thanks for the alert. Definitely me too will pass your information to as much possible.

    Reply
  89. my quick heal security every day shown as unsecured after starting PC but after restart , PC shown as secure for few hours then same problem shown as previous ..so how to solve this problem ..plz explain ..

    Reply
  90. Nice advice

    Reply
  91. Bipin Mahadik (April 22, 2014 at 12:11 PM)

    thanks sir, for the alert….I will take the right steps.

    Reply
  92. srinivas karari (April 22, 2014 at 5:35 PM)

    Hi
    It is very good suggestion as well as effective.
    Thanks

    Reply
  93. sitesh kumar (April 22, 2014 at 9:07 PM)

    best antivirus N.1

    Reply
  94. Useful information. Thanks.

    Reply
  95. bijaykumarparida (April 24, 2014 at 6:07 PM)

    most helpful message, to all users, thanks

    Reply
  96. Rajendra Verma (May 6, 2014 at 10:56 AM)

    The information was really helpful. Keep me updated.

    Reply
  97. Santosh Rajaram Dhembre (July 14, 2014 at 4:36 AM)

    Sir, My PC virus infected by one kind of virus that no antivirus can scan it because it was .exe and .ink file and it directly affected on installer common shell. so I worried about this much. but I had trick solve that completely remove or uninstall my quick heal antivirus pro and reinstall it and got update by internet and what happened that bloody virus had scan this time and after scanning was completed I had been prompt sent this virus to quick heal lab and I did that.

    Reply
  98. Amarendra Singh (October 14, 2014 at 9:57 AM)

    Hi
    I am using my Quick Heal Antivirus but i m getting problem to update it always. why plz tell me and also give the solution.

    Reply