Heartbleed

April 29th, 2014 by admin

Heartbleed is a term you may have heard thrown around recently. This article is geared on what you need to know about the issue.

Heartbleed is dangerous.

The infamous logo of this bug.

Firstly, Heartbleed is not a virus. It does not infect your computer – but it does affect you. While Heartbleed doesn’t cause your computer any usual virus symptoms, like crashing, data loss, or being locked out. What Heartbleed does do can be just as bad though. Heartbleed is a bug that affects websites and is formally known as CVE-2014-0160.

Getting a little more technical, Heartbleed is a vulnerability in the security software employed by most of the Internet’s websites, called OpenSSL where a normally private mathematical key assigned to your identity can be taken. The Transport Layer Security protocol within the SSL software, also known as TLS is what protects your login information when you send it to a website, for example like logging into Facebook, Twitter, or your email or bank’s website. Using this vulnerability, a hacker who knows what they’re doing can extract your key, and match it with your public key which is always available – and then sign in as you.

On April 7th, an improved version of OpenSSL was released for website administrators to upgrade to, which should prevent Heartbleed from being able to be used. However, not all websites have updated yet, and if your technical information has been attained from Heartbleed, you’re still affected. At first, websites were advising to change your password for their site, but wait until the hole is patched because with the private key being hijacked, no password matters.

At this point in time, for most major websites, it is now safe to change your password; and changing your password is extremely recommended. Heartbleed is undetectable on who it affects and how deeply you are affected. If you use the same password for multiple websites and just one of those websites where your password may have been stolen from could allow the person into all of your other accounts as well. For as many online services as you use (to name a few: Amazon, Facebook, online banking websites like wellsfargo.com, Twitter, Youtube [or any Google services], any online mail service like Yahoo, Google, or Outlook.com, eBay, Etsy, Pintrest… and so on) each one should have their password changed.

If your computer is acting up and slowing down or locking up, or you have lots of pop-ups, none of that has to do with Heartbleed – though you should still bring your computer into us for a cleanup.

Watch your online accounts. Your banking info, your email, and your Facebook or other social medias. If you notice anything suspicious or your friends inform you that you might be ‘hacked’, feel free to call us at 218-744-1210, visit our website, send us an email or stop by the shop for advice on what to do. It’s a good idea to regularly change your passwords, but because of Heartbleed you should change your passwords for everything now. This vulnerability is so severe that no user of any website is safe with their old passwords.

Leave a Reply

*

code