Heartbleed: What you need to know

Several people have contacted me because they were worried about “Heartbleed” – a software flaw that lets attackers steal the cryptographic keys used to secure online commerce and web connections.

First let me clear up something – this is NOT a virus.  Heartbleed is a bug that affects online servers, not your PC.

The bug, called “Heartbleed”, affects web servers running a package called OpenSSL which is the most common technology used to secure websites. Web servers use it to securely send an encryption key to the visitor; that is then used to protect information coming to and from the server from the so-called man in the middle attack, where a third-party intercepts both streams of traffic and uses them to discover confidential information.

Don’t Panic

This bug has been around for about 2 years.  While that means that hackers ‘could’ have been stealing information and passwords during that time the chances are relatively low.  If it were a well-known bug then it would have come to light sooner and been fixed.  So while the good guys didn’t know about it, neither did most of the bad guys.

What can I do?

There is nothing you can to do fix a website, but you can check to see if a website is vulnerable by visiting this site.  If the sites tests OK then I would recommend changing your password as it is possible that your password was detected before the bug was patched.  But do not change your password until after the site is fixed – now that this is known there’s more chance that someone will exploit it and you could actually be making the situation worse.

Should I stay offline?

If you can stay offline then that would be a good start – at least for a few days.  But most people can’t so I would suggest just being careful and, if you must visit a high security site such as a bank or email system then check it first using the website tester.  It’s the weekend…go outside and play!

Should I change my password?

Better safe than sorry.  But, as noted above, don’t change it until after the server has been patched.  Many well used sites such as Facebook, Instagram and Pinterest were affected and you should change passwords, particularly if you use the same password on multiple sites (as many people do).  For a hit list of passwords you should change right now check this list.

More information can be found via Heartbleed: Hundreds of thousands of servers at risk from catastrophic bug | Technology | theguardian.com.

Advertisements

Leave a comment

Filed under Online Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s