No doubt you have heard about the “Heartbleed Bug” and know that it has something to do with Internet security hacks. The long string of Internet security risks has likely hardened you against springing into action with the release of yet another bug. Ever since Target caused such an uproar when its security was breached, it seems as if a new familiar name is breached on a regular basis, which makes us all wonder: has the Heartbleed Bug just been overblown?
Understanding the Heartbleed Bug
So why have so many people sat up and taken notice of this particular security breach? Perhaps it is due to the exposure it has received from its poetic name. More likely it is because of the massive issue it poses to the Internet as a whole. Only hours after being alerted to the bug, a computer security firm, Codenomicon, launched a website for it, Heartbleed.com, and its clever use of branding has gone viral. The problem was first discovered by a Finnish security team of experts at Google, and reported Monday, April 7, 2014. By the next afternoon, Tuesday, April 8, a number of the larger websites, such as Google, Facebook, and Amazon Web Services, had either fixed the problem or were in the process of deploying the patch.
What is the Heartbleed Bug?
The Heartbleed Bug is an issue with a type of software called OpenSSL. This software is used to encrypt sensitive information, like your usernames, passwords and even credit card information, between servers. OpenSSL implements RFC 6520, otherwise known as the “heartbeat extension,” which checks that a live connection exists between two servers or devices. The glitch found in the code allows one device to grab bits of memory from the other, ultimately creating this security alert.
What has been done about the bug?
A patched OpenSSL version does exist and has already been deployed by most of the major players, and will likely be deployed by almost everyone that was vulnerable in the next week or so. You will most likely receive emails from companies that use systems such as Amazon Web Services telling you that you will be logged out of your account and should reset your password upon logging back in, just as a precaution. It is also suggested that you change your password on any finance-related sites, including bank accounts, credit cards, investments, and automated payments, or any service where this information may be stored, even if they aren’t on the list of vulnerable sites.
Resetting your Passwords
It is always suggested to reset your password on a frequent basis, but in this case, resetting your passwords before the patch can be put into place won’t really help you. The major sites will put out a release and likely notify you by email when the patch is installed, if they haven’t already done so. Your passwords should always contain a combination of upper and lower case letters, numbers and special characters to make them less vulnerable. If you feel that your information has been breached, you should immediately contact the owners of that specific site and any financial institutions which may have been hacked. Better safe than sorry.
Let us know how the Heartbleed Bug has touched you and your Internet experience in the comment section below.