Heartbleed- Is your information safe?
This month there has been a lot of coverage of the Heartbleed bug, which is said to have left us all susceptible to having our private information stolen. I am here to let you know what Heartbleed really is, what it means for you and what you need to do next.
Some words you need to know first:
SSL (Secure Sockets Layer)– a protocol that protects most websites by encrypting data in transit.
Encryption– where computer data (often private) is put into a coded form that can only be accessed by authorised parties. Encryption is used by websites to keep your passwords safe.
Server– a system that responds to requests across a computer network to provide a service. It is often made up of software and specialised computer hardware.
Hacker– in this case we are talking about cyber criminals.
What is Heartbleed?
The Heartbleed bug is an encryption flaw in OpenSSL that has caused a great deal of concern about the safety of many people’s private internet account information. The information that the Heartbleed bug could have jeopardised includes user names, passwords, email and instant message content, primary and secondary encryption keys and other documents.
Originally the vulnerability was spotted by an engineer from Google called Neel Mehta, but it was also identified separately by Codenomicon, a Finnish security firm. Once it had been investigated, an official statement and security advisory were released by OpenSSL on April 7th. Since then many organisations that were thought to have been affected have worked to patch the hole in their security.
Although the name Heartbleed may sound unrelated and made up, it is actually relevant. OpenSSL includes an option for the client to maintain a connection with the server by sending a heartbeat signal. Clever hackers can exploit the opening with a request that can “bleed” the server of otherwise protected information being stored by the server.
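For readers who want to see the idea in code, here is an added example (it is not OpenSSL's own code) of the length check whose absence lets a heartbeat reply "bleed" neighbouring memory. The message layout, function names and sample bytes are simplified assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified heartbeat message, constructed for this example:
 *   byte 0     type (1 = request, 2 = response)
 *   bytes 1-2  payload length as claimed by the sender (big-endian)
 *   bytes 3..  payload (the real protocol also adds padding, omitted here) */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3 };

/* Flawed pattern: echoes back as many bytes as the sender CLAIMS to have
 * sent, without looking at how many bytes actually arrived (msg_len). */
size_t hb_reply_unchecked(const uint8_t *msg, size_t msg_len,
                          uint8_t *out, size_t out_cap)
{
    (void)msg_len;                          /* never consulted: the bug */
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (msg[0] != HB_REQUEST || HB_HEADER + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    /* The copy can run past the end of the message into whatever the
     * server happens to hold next to it in memory. */
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Hardened pattern: a message whose claimed length is larger than what
 * was received is silently dropped (returns 0, nothing is echoed). */
size_t hb_reply_checked(const uint8_t *msg, size_t msg_len,
                        uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    if (claimed > msg_len - HB_HEADER)      /* the missing bounds check */
        return 0;
    if (HB_HEADER + claimed > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}
```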
What does this mean?
There are certain sites which have admitted that the vulnerability was present on their sites. These sites include: Facebook, Instagram, Pinterest, Tumblr, Yahoo (including Yahoo mail), Etsy, Flickr, Minecraft, Netflix, SoundCloud, YouTube, Dropbox, OkCupid and WordPress (Source: Mashable). This means that if you have an account with any of these sites, your information may have been open to attack and theft.
What should I do?
In the words of one great book, DON’T PANIC! Although it is possible that Heartbleed has caused some people to have their information stolen, there is no clear evidence that any hackers were any more aware of the bug than the rest of us. It could have just existed without anyone knowing it was there until it was discovered this month.
Having said that, don’t rest easy just yet: you cannot (and should not) assume that your data is safe. Just as it is possible for someone to break into your home or office to steal an important folder from your desk, the same can be said for your information on your computer or on the internet. But just as you can put a lock on a cabinet, you can put a lock on your information.
The one thing that you can do (other than leaving the modern world and the internet for good) is to change your passwords. All big sites have now patched the issue, so their encryption is secure, but it is still wise to take matters into your own hands somewhat and look after your security.
Please take a look at my blog post on the importance of password security and how to create a good password:
Is your password leaving you vulnerable?