April 17, 2014 by Eric Cates
The Heartbleed Internet bug is being called one of the biggest bugs to hit the Internet in the past decade, and with all of our most personal information linked through the Internet, you need to understand the threat and how to stay protected. What is it? What does it do? How can you stay protected?
What is it?
Simply put, Heartbleed it is an information leak. It begins with a dead zone in the software that the majority of websites on the Internet use to comprise personal information into endless strands of data and targets the encryption software that is involved with the collected data.
The Department of Homeland Security posted on their blog, April 11, 2014, warning that malicious attackers could exploit unpatched systems:
“While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems. That is why everyone has a role to play to ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary,” posted by Larry Zelvin, Director of the National Cybersecurity and Communications Integration Center.”
What does it do?
The Heartbleed bug allows hackers to gain access of a feature that computers use to see if Internet users are still online called a “heartbeat extension”. The signal given out by this heartbeat signal could potentially enact hackers to personal information stored in its memory with no trace of you being hacked. The bug can take the sensitive data stored on a server’s memory, including private data such as usernames, passwords, and credit cards.
According to CNNMoney, tech companies have identified about two dozen networking devices affected by Heartbleed. This includes, servers, routers, switches, phones and video cameras used by small and large businesses around the United States and Canada.
What does this mean for the individual?
Reports state that the Heartbleed bug could have been hiding for the past 2 years with the potential that someone could have been able to tap cell phone calls and voicemails, along with emails and entire sessions of browsing on your computer or iPhone. While changing passwords on all accounts is a best practice and a good start to stay protected, there is more that you should consider.
What should you do?
- Closely monitor all online accounts including email, social media, professional, personal, bank, billing and other accounts.
- Contact your account providers, requesting the okay to safely change your password and know that you will not be further affected.
- Don’t simply rely on companies contacting you to make you aware of the Heartbleed. Contact all the companies you hold an account with (large and small businesses alike) to ensure you were not affected, and to ensure they are following through to fix anything they were affected by.
- As the bug is exposed, stay updated with the currency of the threat. One suggestion would be to carefully watch your financial statements over the next few days or weeks until you know that your information is safe. The earlier you find the problem the better off you will be.
- ”After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.” (From Homeland Security blog)
Furthermore, if you use Android version 4.1.1, you should avoid transactions on your devices. Recent reports show that as many as 50 million Android devices worldwide may be vulnerable to the Heartbleed bug, according to the Guardian. The Huffington Post reported that a Google spokesperson said less than 10 percent of devices run on the vulnerable Android operating system.
In conclusion, contact all account providers to ensure your security, keep updated on the threat and understand the role you play in your security.