If you’ve been vacationing on a remote island sans wifi, or have just climbed out from underneath your favourite rock, you may not have heard of the widespread Internet security flaw that is Heartbleed. If you spend most of your days on the net like I do, chances are you’re well aware of the “fatal” flaw that is running amok on our interwebs.
Either way, while you may know about Heartbleed, you may not know what it actually is, or how it can affect your family and your own internet safety. So, I figured I’d break it down for you.
Most websites use a piece of software for account logins, passwords and such called OpenSSL. It’s generally used for security and it is very popular among the majority of websites out there that require a login feature. It basically encrypts (turns your data into a sophisticated code), so what you save and send to a website (say, passwords, login info, cookies, account numbers) can’t be seen by bots, hackers, or other sites.
You know how back in the early 2000s, when banks started offering online banking and everybody was like, “Ack, is it safe to put my account info on the web?” and they were all like, “Oh yeah, totally safe! We use OpenSSL!” Yeah . . . that.
What Heartbleed is, exactly, is basically a bug in a specific version (1.0.1) of OpenSSL that allows for someone to get that data off of a web server without leaving a footprint behind. More specifically, it exploits a specific feature in OpenSSL, called “heartbeat,” which basically is the feature that allows your computer and websites to communicate with each other (sort of like a call and response.)
In layman's terms, Heartbleed allows people—theoretically with malicious intent—to swipe your information from sites that you’ve saved them on. Like, for instance, your Twitter account, hosting information, Facebook account, bank account and info, the list goes on.
But don’t freak out! There is no evidence that any information has been swiped (so far), and there is an easy fix!
Protecting yourself from the Heartbleed bug is easy. You will probably receive, or have already received, an email from most sites you have an account with detailing how they’re handling Heartbleed. Most have already patched the issue on their end, so now the only thing left to do is on your end. Change your passwords! On everything! (Pro Tip: abc123 or password are NOT good passwords!)
It might take you, at most, 30-40 minutes to go through your regularly used sites and change all of your passwords (and then verify them via email). I strongly suggest opting in with sites where you can use two-step verifications, like Twitter and Google. This will not only make your accounts more secure, but it could protect you in the future if another issue like this comes up.
At the end of the day, we have to remember that technology is man-made and there is always a chance for human error.
The one advantage of this mass technological misstep is that now we have a truly believable (and rather hilarious) excuse when things don’t go our way!
Spent too much on your credit cards this month? It must’ve been hackers! #BlameHeartbleed
Forgot to pick your kids up from school? Vehicle computer malfunction. Car wouldn’t start. #BlameHeartbleed
Didn’t text your best friend back? Obviously your phone was hacked. #BlameHeartbleed
Try to come up with your own! It’s quite entertaining.
Did you know that credit card thieves can now steal your credit card information without you ever even taking your credit card out of your wallet or purse?
Take this fraud prevention quiz to see how fraud-savvy you are.
Printer-friendly version