If you’ve been on the internet the last few days you’ve probably seen plenty of information about Heartbleed, a security hole in the popular OpenSSL format. But what is Heartbleed? And more importantly, how does it affect you?
Heartbleed is the name given to an oversight in some code written almost 3 years ago for the OpenSSL format. OpenSSL is used to keep connections between a computer and another computer private or secure. OpenSSL is great because it’s, well, open. That means anyone can look at the code and see if something is written poorly or simply doesn’t work. The problem is, no one looked closely enough at this code. Until recently.
It’s been there for a while and no one knew
The issue now that the vulnerability has been exposed is that no one really knows if anyone has used it maliciously. Unfortunately there’s no way to look at server logs and see if Heartbleed has resulted in users data to being hijacked. So companies like Facebook, Google, Instagram and more are simply assuming the worst. And I don’t blame them. If there’s no way of knowing then it’s a much better plan to have users change their passwords (probably the more critical piece of information that could have been gained through the bug) and stop it before anyone losses valuable data.
And that’s where I start to wonder. If this vulnerability is so tiny that it’s only now being discovered and patched, what’s the likelihood that hackers have started using this in the wild? With the security community just discovering this after nearly 3 years there’s a big window where someone could have discovered and utilized the bug. But the reality is that it’s very unlikely. So take a deep breath and relax.
Change your password
But you just said relax? Yes, but I didn’t say be lazy. While the likelihood of this bug being used in the wild is pretty slim, there’s still the chance. Besides, changing your password periodically is just a good practice. Don’t freak out. But go change your passwords, just in case. For an amazing tool to manage all your passwords (and help keep the secure) check out Lastpass.
Most (all the major) sites who use OpenSSL have already patched the bug. Of course, there could be another bug down the road. Computer security is no easy thing. Thankfully there are people who are actively finding, fixing and releasing security updates who have your back. Now do them a favor and take a tiny step towards preventing data loss because of Heartbleed.
Need more information about securing your computer? Read on about how to prevent laptop theft (or at least get it back if it’s stolen).