A “Heartbleed”, although not a detrimental health concern, is a serious issue – for Internet users. This “Heartbleed Bug” is described as the biggest security breach in Internet history. Why? How? These are valid questions. Let me share with you what this “Heartbleed” is, who it affects, and what you need to do in response.
What is a “Heartbleed?”
– It is the nickname given to security vulnerability in OpenSSL (an online encryption library). The vulnerability allows Internet hackers to find the secret codes that websites use to identify themselves.
– According to heartbleed.com, this Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software, allowing hackers to eavesdrop on communications, steal data, compromise passwords, e-mail accounts, user names, and other personally identifiable information.
Who exactly was affected by Heartbleed?
– Your password may have been compromised if you use the following services: Yahoo e-mail, Tumblr, Gmail and Google Drive, Twitter, and Facebook.
– If you filed your taxes through TurboTax or USAA, your data may have been vulnerable.
Is there any good news that comes from this Heartbleed?
– Yes! Most online financial services use other modes of encryption and were not vulnerable – including Connex Credit Union! If you’re a member of Connex, I’d like to assure you that our website was not compromised and your information remains secure.
– The threat in this case isn’t just in the fact that someone could gain access to your e-mail. The real problem is that most people use a small collection of passwords for most services. Hackers know this, and will therefore use those user names and passwords on other, more lucrative services. So it may be a good idea to update all of your online passwords.
What can you do about it?
– Don’t panic! The odds of any one password being released through this leak are small. This is an exploit that only a small number of the brightest minds in computing could find.
– If you use any of the services that may have been compromised, change your passwords! Pick a new password that is easy to remember and strong. Follow the same good password rules you always have to keep your data safe.
Developers have released a new version of OpenSSL without the vulnerability in it. There’s no need to change your online behavior – only your passwords!