The Internet security threat known as Heartbleed has been all over the news recently.
For those of us who aren’t quite sure whether this is the latest vampire series or something we really need to be concerned with, here’s what you need to know about Heartbleed.
1. This isn’t a virus.
Your computer can’t be infected with Heartbleed. It’s a vulnerability or “bug” in a protocol used by computers to perform secure transactions.
In fact, there isn’t anything a typical user can do except to change their passwords, but before you start doing that, read on.
2. The Heartbleed bug uses a flaw in OpenSSL.
This is a set of encryption tools used by some servers to establish secure connections over the Internet.
The flaw exposes small amounts of data that reside in a server’s memory to be gathered by a client that has established a secure connection with the server. If this extraction is done repeatedly over time, a lot of information can be harvested, including transaction and security information.
“Awareness is our best defense
against the bad guys out there.”
3. Not every secure Internet transaction is at risk.
It’s important to recognize that although OpenSSL is a popular tool for performing secure transactions, not all servers use it. By the time it was found and made public, there was already a fix for the vulnerability.
However, it’s unclear how many computers still have the flaw and whether it’s been exploited by any individuals or groups intending to do harm.
4. There is one surefire way to protect yourself.
What can we do to protect ourselves? As I said previously, changing passwords on your accounts is the only real protection we have.
However, you need to be sure the flaw has been fixed on the website you’re communicating with. Otherwise you would just be exposing your new password to potential theft.
So far quite a few companies have developed tests that can show whether a website has been fixed and the vulnerability threat eliminated. You also can check with the company directly.
Once you’ve confirmed a company you perform secure transactions with has fixed the problem, change your passwords.
This also is a good time to strengthen your passwords, being sure to use a combination of letters, numbers and characters. You should never have a password that is a common name or includes only numbers or letters. These are easy to crack and can leave you vulnerable.
Security threats, viruses and bugs are just a fact of life in our modern connected world. We should all get used to regularly changing our passwords and keeping our security software up to date.
Awareness of the threats and doing everything possible to prevent them is our best defense against the bad guys out there. Do your part!