Heartbleed


What is Heartbleed?

First let me tell you what it is not.  It is not a virus that is going to infect YOUR computer.   But you do need to be concerned about your sensitive information if you do anything on the internet.

Heartbleed is a security bug or programming error in  OpenSSL.  OpenSSL is what is used on a secure website where you  enter your password  and sensitive information.  The software code encrypts and protects the privacy of your password, banking information and other sensitive data you type into a “secure” website such as Yahoo Mail. Such websites can be identified by the little “lock” icon on your browser or the “s” at the end of “https” before the web address.  When the bug is exploited the attacker can retrieve memory (up to 64kb) from the remote system. This memory may contain usernames, passwords, keys or other useful information that enables bigger attacks.

If you have entered your personal information into a website that has been exploited you are at risk of having your sensitive information randomly retrieved by an attacker.

WHAT CAN YOU DO?

The first thing you should do is to change your passwords.  Change your e-mail password and the password of any online accounts you might have, especially banking websites or any websites where you have entered sensitive information. Use a combination of upper case letters, lower case letters, numbers and special characters.  This will ensure you have a strong password. The second thing you should do is monitor your credit card statements.  If you see any suspicious activity call your credit card company immediately to report it and request a new card.

 A patch for heartbleed has been released.  You can go to

http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/ to find out which sites have applied the patch.

Unfortunately we live in a world where the internet is a dangerous place, but diligence equals safety.

Comments are closed.