It took 2 years to detect the bug in the affected SSL software version, and by that time many operating systems had started using this version and were affected. The bug was released into the market on 14th March 2012 and was fixed on 7th April 2014. Below is the status of the released versions.
Riku, Antti and Matti, a team of security engineers at Codenomicon, and Neel Mehta of Google Security found the bug in SSL and reported it to the OpenSSL team. The security engineers at Codenomicon found the Heartbleed bug while they were improving the SafeGuard feature in Codenomicon's Defensics security testing tools. They reported the bug to NCSC-FI for verification and for coordination with the SSL team.
The SafeGuard feature was developed to automatically test a machine for vulnerabilities that could compromise integrity, confidentiality and security. SafeGuard is a …
The answer to this question would most likely be yes, and it can happen directly or indirectly. Many modern-day transactions and communications use TLS to encrypt and decrypt data over the internet: for example, all social networking sites, organizational sites, government-maintained servers and almost every service that uses the internet. Many online services use TLS to identify and authenticate users by asking for a user name and password. Indirectly, we might be using client software that was affected by the bug and lose our confidentiality. The main problem with this bug is that exploitation won’t leave any traces in the logs that it has happened in any form.
Heartbleed is a very serious vulnerability, as there is no need for the attacker to be in a man-in-the-middle position. The attacker can identify a service that is using the vulnerable software and attack that service directly. As the key information is leaked directly to the attacker, this will help an attacker who is in the middle to take control and do more