Tech Tips & Tools – Heartbleed Bug
It’s time again to change those passwords. Yes – I know. Again? But it’s a necessary caution that you need to take immediately.
Just a little background on website security…. SSL is a website security code that encrypts the site to be secure for transactions or for sites that contain sensitive material. Email, IM, VPN (Virtual Private Networks) all use SSL. You can tell which sites have an SSL certificated by whether or not there is a lock image before the URL.
- A green lock means the site is secure and safe.
- A gray lock indicates that the site uses SSL but that there is detected unsecure content.
- A red lock means the site is not SSL certified and is not secure. Be wary when using these websites.
Recently developers discovered a flaw in the OpenSSL code that thousands of businesses use. Even larger corporations such as Paypal, Amazon, Apple, Blackberry and Ebay use OpenSSL. Microsoft, however, is not one of those many. Microsoft uses a much more secure option to process information.
Heartbleed, in effect, allows a “hacker” to steal users’ information by reading the memory of the flawed versions of OpenSSL. This allows the hacker to take information such as names, passwords, users, content. It also allows them to spy on communications and steal data directly from users. And worst case scenario, it even lets the hackers impersonate you or a service. Even more recently, it’s been discovered that internet routers and your PCs are now susceptible to Heartbleed as well.
OpenSSL is run by a committee of volunteer programmers, and while they accept the blame for the flaw and have attempted to patch it, they criticize the large corporations who use OpenSSL and didn’t catch it. OpenSSL is open-source code, meaning anyone has access to it.
They, along with many larger corporations have released patches and new security keys. Call the developer or vendor for any software or devices that connect to the internet to see if they use OpenSSL and if there is a patch available. If not, avoid using such applications or devices for sensitive materials and apply any updates as soon as possible.
McAfee, the popular security provider, has created a test to see if your favorite websites are vulnerable. See the test here.
Again, most larger companies have fixed the issue and released security patches. But thousands are still unaccounted for. Be safe, cautious and careful. Do your research.
For more information regarding Heartbleed, please visit this website.
If you have any Techie questions, send them to our news desk here. We will do our best to include them in the one of our upcoming issues.