Heartbleed Bug

heartbleed bugWhat is the Heartbleed Bug?
First of all, the Heartbleed Bug is NOT a virus.  You cannot “catch it” on your computer by downloading an e-mail attachment or clicking on a compromised website like a typical virus.  It is not a threat to your personal computer or any data stored on your machine.

As a bug, Heartbleed is a hole or vulnerability in OpenSSL, a cryptographic software that encrypts and protects sensitive information entered on secure websites.  Hackers aware of this bug can steal information that would normally be protected by the encrypted language on applications like e-mail, instant messaging, social networking, and banking sites.

How does it affect me?
Heartbleed does not affect every website or even all secure websites showing the “https,” only those using vulnerable versions of OpenSSL.  Some major sites have already fixed the bug or were never affected by it, such as Google, Yahoo, Microsoft, Bing, eBay, Facebook, and the IRS website.

A team of Google technicians and a Finnish security firm discovered the flaw recently, though it seems to have existed for several years.  Therefore, no one can be sure who may have your information or to what extent attackers may have exploited this flaw.  If your bank utilized compromised OpenSSL, hackers may have harvested passwords, communications, and other secure data.

What can I do?
Unfortunately, there is very little that consumers can do.  It is the responsibility of each company to upgrade their security technology and confirm that their websites are safe.  Some larger websites will keep the public informed, others won’t.  Consumers should:

1. Change your passwords to websites that contain sensitive information, such as your bank.  Change them now and constantly change them until you receive assurances that the institution’s site is secure.  For non-sensitive sites, wait to change passwords until their security is verified.

2.  To check whether a website is vulnerable to this bug or not, go to https://lastpass.com/heartbleed and type in the website you want to use.  It will scan that site and let you know if the Heartbleed security flaw is present or not.  If it is flawed, avoid visiting it.  If not, it’s fine to use.

3.  Call your bank or other financial institutions if you use their online features to see if they have secured their sites.  They have a duty to protect the sensitive information of their customers.

As discussed on a WEEU radio broadcast 4/10/14.

Tagged   /     /     /     /     /     /     /     /     /     /     /     /     /     /     /     /     /  
Call Now