Of course, you have heard of this SSL Certificates bug called Heartbleed which recently became famous. Discover what this bug is and how to protect yourself from it.
What is Heartbleed?
This is indeed a secuirity bug in the OpenSSL Protocol in Android that has been recently discovered. It can enable a third party to steal information sent via Internet as soon as the protocol is used. This flaw has been actually used for the last 2 years. Researchers have just discovered this bug that allows malicious people to steal personal data connections using OpenSSL through the SSL and TLS protocols. This is particularly the case of HTTPS allows to connect to sensitive sites such as social networks, webmail or banking sites.
Is Android affected?
Android can actually be potentially affected by this bug, i.e. OpenSSL 1.0.1f version currently available on Android is vulnerable. The flaw indeed affects all OpenSSL versions, from 1.0.1 to 1.0.1f. The good news is that a 1.0.1g version has been released on April 7th that fixes this bug. But to be deployed on Android, you also need to update you phone ROM. You are then left with the hope that manufacturers will play the game but there are still some concerns about some older phones which are not updated and remain vulnerable.
How to protect this fault?
If your device, your computer and even the server you are connecting to have the old version of OpenSSL, your personal data are at risk. For Android phones, some antivirus vendors have created dedicated applications to check version of OpenSSL on your device, such as Heartbleed Detector. But if your terminal has undergone this bug, it depends on manufacturers or operators’ ability and speed to fix it.
Regarding the websites and servers, you can check the reliability of the websites you visit (especially when you make purchases) on these two sites: https://www.ssllabs.com/ssltest/index.html or https://filippo.io/Heartbleed/#slate.fr. A list of vulnerable sites is also available on Github. Regarding the fact that webmasters are currently struggling to solve this problem, a large number of vulnerable sites do not take all the necessary measures, as it involves routine processes that are complex, including the removal and the renewal of SSL certificates. Obviously, some hacker groups must be exploiting SSL identities of all vulnerable hosts to launch further attacks .
The safest way to protect your Internet connection when using your computer, mobile or tablet is to use a VPN service. This will ensure that no one listens and uses the data that you send through an unprotected internet connection. You will prevent your banking passwords, e- mail accounts or your social networking profiles to be intercepted and used, without even your knowledge.
Our service VPN encodes your Internet connection with a complex encryption system using the AES-256 algorithm. This coding will make it impossible anyone to interact with your personal data, even if your connection has been compromised or intercepted. Any information you send will go directly into your secure virtual tunnel. With a VPN, you can easily direct your traffic by choosing a server in one of the 50 countries available. This way, you will enjoy the best VPN service for a secure Internet connection from your computer, tablet or mobile phone, even being able to use a VPN connection simultaneously for 2 devices.
Le VPN Spring Special
Get Le VPN 2-year plan for $69.60 or $2.90/month