Indian cyber security sleuths have alerted Internet users against a “highly severe” virus named ‘heartbleed’, which has sent alarm bells ringing across the globe for fear of exposing millions of passwords, credit card numbers and other sensitive information to hackers.
The virus prowling in the domestic arena, authorities said, attacks the open SSL of an online system which is the most essential protocol which encrypts information and data transfer over the Internet.
The Computer Emergency Response Team of India (CERT-In), the nodal agency to combat hacking, phishing and to fortify security-related defences of the country’s Internet domain, fears it could compromise personal data and passwords of a user.
“A vulnerability (heartbleed) has been reported in Open SSL, which could be exploited by a remote attacker to disclose potentially sensitive information. The vulnerability is due to improper bounds checking while handling TLS/DTLS heartbeat extension packets.
“A remote attacker could exploit this vulnerability by submitting crafted TLS or DTLS heartbeat packets to an affected device to retrieve sensitive information, such as private keys, user name and passwords or contents of encrypted traffic from process memory. By leveraging this information, an attacker may be able to decrypt, spoof, or perform man-in-the-middle attacks,” the CERT-In said in its latest advisory to Internet users in the country.
- Here’s Why Delhi-NCR Gets Pollution Code On Lines Of Beijing
- PM Modi Is More Interested In TRP Politics Rahul Gandhi At Congress Parliamentary Meet
- Bigg Boss 10 December 1 Review: Priyanka Jagga Succeeds In Her Divide And Rule Strategy
- Kahaani 2 Audience Reaction: Vidya Balan Starrer Thriller Gets Mixed Reviews
- Find Out What PM Modi Said About Demonetisation On LinkedIn
- Row Over West Bengal ”Military Coup” Issue Escalates: Who Said What
- Here’s How Mohammad Kaif Replied To Virender Sehwag’s Birthday Wish On Twitter
- West Bengal CM Mamata Banerjee’s Flight Reportedly Had Low Fuel: Here’s What Happened
- Reliance Jio Welcome Offer Extended Till March 31, JioMoney Launched
- Uri Attackers Came From Pakistan, Establishes Digital Data
- Bigg Boss 10 Nov 30 Episode Review: Captaincy Brings Differences In Manoj Punjabi & Manveer Gurjar
- Congress Vice President Rahul Gandhi’s Official Twitter Handle Hacked
- After Rahul Gandhi’s Twitter Handle, Congress Official Twitter Account Hacked
- 3 Dead As Army Helicopter Crashes In Sukna In West Bengal
- BJP, Congress Engage In War Of Words Over Nagrota Attack: Find Out More
Categorising the severity of the virus as “high”, the agency said all unguarded or vulnerable online systems are prone to the virus’ attack.
The virus, with derives its name from a ‘bleeding red heart’ motif, has made a number of countries sit up and take notice of its destructive and threatening activities over the last few days.
Two days back, Canada’s tax agency had said that it has temporarily cut off public access to its electronic filling services just three weeks before the tax deadline because of security concerns over the “Heartbleed bug.” “It has been confirmed that the virus is active in the Indian cyberspace too. Some of its suspect messages also resemble a ‘red-coloured X’ motif similar to the red bleeding heart,” a cyber security expert told.
Experts advise that all suspect incoming emails, messages, audio and video clips and e-links should be immediately discarded by users and once someone receives such a message they should immediately change their password. The cyber security agency also asked users to upgrade their openSSL to the ‘1.0.1g’ version and all timely upgrades of anti-virus, operating systems and other firewalls should be carried out by users at their end.
The affected systems in the Indian online space are the “OpenSSL versions 1.0.1 through 1.0.1f and OpenSSL 1.0.2-beta”. Some countermeasures have also been suggested by the CERT-In in the latest advisory. “Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS or they consider the usage of Perfect Forward Secrecy to minimise the damage in case of a secret key leakage,” the advisory said. The PFS is a security protocol.