What is the Heartbleed bug, and how can I protect myself?

posted in: Uncategorized | 0

You may have received a cryptic email in your inbox recently, urging you to change your password to certain popular websites because of the ‘Heartbleed bug’ that’s causing a stir on the internet. Certain email providers, social media sites, financial institutions and other popular pages on the web are at high security risk because of a leak in the widely used OpenSSL encryption software. To break it down into layman’s terms, ‘SSL’ stands for Secure Sockets Layer, the encryption technology that makes it safe for a website and its users to share highly personal and private information like credit card numbers and user names. This Heartbleed bug is a weakness in that system that makes it possible for anyone with an internet connection to access the memory of the affected systems where this personal information can be found.

Heartbleed

Don’t freak out just yet.

Social media sites are big targets for the Heartbleed bug and if you have a Facebook, Twitter, Vine, Instagram, Tumblr, Google +, YouTube, Foursquare, or Flicker account you are advised to change those passwords immediately. Don’t use a password you use for other sites either; err on the side of caution with this. Your personal information is at stake. Abusers of the Heartbleed vulnerability can take your information and essentially steal your identity, posting from your account if they desire. Your LinkedIn and SlideShare accounts are safe, these websites aren’t affected by Heartbleed because they don’t use OpenSSL.

The email providers Gmail, Yahoo Mail, and GoDaddy are all susceptible to Heartbleed and you should therefore change your passwords for those as well.  AOL, Hotmail, and Outlook are okay.  Financial institutions like online banking sites are most likely everyone’s primary concern but generally websites like these don’t use OpenSSL and therefore aren’t susceptible to the bug. Examples of other general websites that have been affected by Heartbleed range from dating websites like OK Cupid to Amazon to TurboTax. DropBox has also been affected, as well as SoundCloud.  Treat any website with sensitive information as if it were vulnerable. Change passwords. Add security questions. Don’t ignore this bug.

All of these sites, as varied as they are, have different things at stake depending on what sort of information is kept on file. The social media sites are at risk for identity fraud related issues because of the personal information and access to user names and passwords. Financial information is also at stake if that sort of information is connected to your social media sites. As not everyone pays for Facebook credits or other services, it really depends on how the individual uses the site. Facebook, Twitter, Instagram and Vine accounts are also at risk for phishing hacks. Phishing could affect the email accounts that are affected by Heartbleed. The threat to identity, financial information, business/company information is present for these email sites too. All hope is not lost.

There is a solution out there, and sites are adopting the Fixed OpenSSL software and implementing it. At this time it is smart to monitor accounts and change security information as a precaution.

Check out the links below for more information:

http://www.digicert.com/ssl.htm

http://heartbleed.com/

Leave a Reply