2014-04-30

Last month, security researchers at Google and Codenomicon, an independent security company, discovered a menacing security bug in a piece of software named OpenSSL, a security tool used to secure sensitive data on popular Web servers. The bug, known as Heartbleed, allows hackers to compromise OpenSSL’s encryption code. Essentially, any HTTPS-secured website that uses OpenSSL may be compromised by exploiting this bug. After the discovery, the researchers noted that the bug had affected no less than 60 percent of active websites. If exploited, Heartbleed may allow hackers to get hold of information such as emails, passwords, and pertinent files sent across the Internet. While most websites have now taken prudent measures to patch this security flaw in OpenSSL, many sites are still vulnerable. Internet users are encouraged to use a Google Chrome extension called ‘Chromebleed’ to check whether the websites they frequent are affected by Heartbleed. The extension uses a security Web service to check whether the URL you’re trying to access is affected by the bug. A browser notification is displayed if the bug is found at that URL.

The Harmful ‘Mistake’ that OpenSSL Contains

Because it is an open-source project, OpenSSL has a few developer volunteers who regularly upgrade the project to make it more robust. It so happened that version 1.0.1 of OpenSSL, made available on April 19th, 2014, contained a bug – Heartbleed – that allows a hacker to access a Web server’s memory (and, therefore, the information in it) without leaving a trace. The bug was in fact an ‘honest programming mistake’ introduced by one of the volunteer contributors in the new OpenSSL upgrade. Specifically, Heartbleed compromises a built-in feature of OpenSSL known as ‘heartbeat.’ When you access a URL on your computer, the website acknowledges your request and informs your computer that it is listening for requests from it. This call and response is what is known as the heartbeat, and it happens through an exchange of data.

Typically, for every request your computer makes, heartbeat only sends back an equal amount of data. On Web servers affected by Heartbleed, however, this is not what happens: a third party may exploit the bug and request more data from the server’s memory than the total amount of the initial request. The data that lives beyond the request may contain bits of data from other components of OpenSSL. The specific data stored in the additional memory space is totally dependent on the platform. As the Web server receives more requests from various computers, the memory in the top-most part is recycled. Thus, previous requests might still reside in the memory block and be returned in response to a request made by a hacker. Those bits of data may include information such as cookies and login credentials that the hacker may exploit.
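The missing length check described above, shown as an added example that is not OpenSSL's code or part of the original article. It simulates a reused receive buffer with a simplified record layout (no padding); the buffer size, function names and sample data are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA 64
static uint8_t arena[ARENA];   /* simulated receive buffer, reused and never cleared */
/* Simplified record: [type][len_hi][len_lo][payload...]; padding omitted. */
static void receive(const uint8_t *rec, size_t rec_len) {
    memcpy(arena, rec, rec_len);            /* bytes past rec_len keep old contents */
}

/* Pre-fix behaviour: echoes as many bytes as the request CLAIMS to carry. */
size_t reply_vulnerable(size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    (void)rec_len;                          /* actual record size is never consulted */
    if (3 + claimed > ARENA) claimed = ARENA - 3;  /* keeps this simulation in bounds */
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* Hardened: silently discard when the claim exceeds what actually arrived. */
size_t reply_hardened(size_t rec_len, uint8_t *out) {
    if (rec_len < 3) return 0;
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (3 + claimed > rec_len) return 0;
    memcpy(out, arena + 3, claimed);
    return claimed;
}

/* Returns 1 if the reply to an over-long claim exposes the earlier request. */
int leaks_previous_request(int hardened) {
    static const char secret[] = "user=alice;password=EXAMPLE-ONLY"; /* constructed */
    uint8_t first[3 + sizeof secret - 1] = {1, 0, (uint8_t)(sizeof secret - 1)};
    memcpy(first + 3, secret, sizeof secret - 1);
    const uint8_t second[] = {1, 0, 40, 'h', 'i'};   /* 2 bytes sent, 40 claimed */
    uint8_t out[ARENA + 1] = {0};
    memset(arena, 0, sizeof arena);
    receive(first, sizeof first);           /* an earlier user's request */
    receive(second, sizeof second);         /* short request lands on top of it */
    size_t n = hardened ? reply_hardened(sizeof second, out)
                        : reply_vulnerable(sizeof second, out);
    return n > 0 && strstr((char *)out, "password=") != NULL;
}

int main(void) {
    printf("vulnerable leaks: %d, hardened leaks: %d\n",
           leaks_previous_request(0), leaks_previous_request(1));
    return 0;
}
```

The hardened variant still answers an honest request whose claimed length matches the bytes received; it only drops requests that claim more than they sent.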

What You Should Do to Annihilate This Bug

Undoubtedly, cybercrooks will want to exploit this bug whenever possible, so Internet users are advised to be on the lookout and take preventive measures, including using the Chromebleed extension to identify vulnerable websites. Fortunately, OpenSSL was quickly patched after the bug was unearthed and, as of now, version 1.0.1.g is free of Heartbleed. Even prior to that, if a Web server used OpenSSL versions that did not have the heartbeat extension, the server would not be vulnerable. Although the bug is largely contained now, it is essential that you change your passwords for all Web services you frequently access.

Are you getting popups from Heartbleed? Have you identified that you have Heartbleed
installed on your computer? Do you wish to remove Heartbleed completely from your computer?

Why should you remove Heartbleed?

If Heartbleed resides on your computer, it can potentially damage your personal files or
you may end up losing data stored on your system. Research has shown that Heartbleed may have
the ability to make your computer vulnerable to remote attacks which could result, initially, in
loss of money, possibly identity theft, and, eventually, a painstaking Heartbleed removal
process.

How can you manually remove Heartbleed?

Manual removal of Heartbleed may not be for everyone. Each
manual Heartbleed removal step must be followed delicately to completely remove all related
files and registry entries from your computer. If you are unsure or have doubts about editing your
system registry, then we recommend that you use the automatic Heartbleed removal process.

Heartbleed can be removed manually by following the steps below.

1. With all programs closed, click the Start Menu and go to the Control Panel.

2. Locate the Add/Remove Programs icon and double click it.

3. Locate Heartbleed in the list of programs. If you find it, select it and remove it. If you cannot find Heartbleed, you can continue to step 5.

4. Restart your computer.

5. Close all open programs and windows on your desktop.

6. Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.

7. Find all of the following registry entries and delete them. If you do not know how to do this, then you can read how to edit the registry in Windows.

   You may need to return to this removal process for removing Heartbleed. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.

   Image 1. Bookmark PCHubs removal process

8. Delete all of the following files that are associated with Heartbleed from your computer.

   If you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.

   If you have issues deleting any of the previously listed files that are associated with Heartbleed, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.

   Image 2. Select "Safe Mode with Networking"

9. After locating and deleting the previous files you must remove all directories associated with Heartbleed by going to the C:\ProgramFiles\Heartbleed folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.

10. Restart your computer. You do not need to boot into safe mode at this point. You should have removed Heartbleed completely from your computer. If you find that Heartbleed is still on your computer, you can repeat the steps again or go to the automatic Heartbleed removal process.
