How does the Heartbleed affect me?
I’m sure you’ve all by now heard of the highly publicised Heartbleed bug. It is pretty obvious that this bug is a large threat. To address this issue, I have answered a few of the most popular questions people have regarding the Heartbleed bug.
So, what exactly is the Heartbleed bug?
The Heartbleed bug is a major security flaw at the heart of the internet. The flaw exists within the coding of the open source software OpenSSL. OpenSSL is designed to encrypt communications between a web server and the users computer. (Have a look at our previous blog post for more information) Effectively this software protects information shared from being viewed by any nosey third parties trying to take a pe ak. You will know SSL is enabled when you see a small green padlock in your browser.
The Heartbleed flaw has basically allowed for a backdoor that allows attackers to eavesdrop on communications, steal data and impersonate services and users.
Does Heartbleed Affect Me?
OpenSSL is the most popular implementation used to encrypt this type of traffic on the internet. This means that you are likely to have been affected, either directly or indirectly by using one of the affected websites or services.
What should I do?
Security experts are advising that any website or service hit by the bug should be avoided until they have fixed the bug. Although the majority of websites that have been affected by the Heartbleed bug have already fixed the bug, it is advisable to double check their status before logging in. This includes internet banking, online shopping or anything that required credit card or personal data. There are a few tools available to help check vulnerability, which you can find through Googling.
Should I Change My Passwords?
I’m sure you have seen or heard the media blitz suggesting everyone to change their passwords…immediately. This is wrong. Until you have verified the website has fixed the bug, a new password would be just as vulnerable as your old one. Once the bug is fixed on that website, a new complex password is a very good idea!