“Heartbleed” is the name of a bug that has caused information stored on over half a million of the Internet’s most trusted sites to be vulnerable to attacks. Although the bug was only discovered recently, it has left information exposed for upwards of two years; it is symptomatic of more systemic problems with Internet security and privacy law. Although this bug has largely been patched and fixed, it raises lingering concerns about the privacy of our information online.
The Heartbleed bug is a software fault in the OpenSSL library that leaves private information vulnerable and exposed. Put simply, OpenSSL encrypts information users send to a website’s server, like passwords and credit card information. What the Heartbleed bug did was allow someone to have a server “echo back” that information.
A commonly cited example is someone asking a server to say “bird” to confirm that the server is there, so the server echoes back the word “bird.” The flaw allowed that person to ask the server to echo back “bird + 1000 words,” and receive their own word, “bird,” along with the next 1,000 words stored on the server, which are inevitably commands of other users, like passwords and credit card information. Now, to be clear, this is not a virus, but simply a deficiency in one of the Internet’s most trusted pieces of security software.
In the wake of the news surrounding the Heartbleed bug, unscrupulous individuals have started exploiting the vulnerability. Many of these scams mimic Internet security sites expressing concern over theft of sensitive information. Moreover, hackers have started selling code that allegedly can bypass the patched version of OpenSSL and still exploit the Heartbleed bug. Police in Canada have already arrested one 19-year-old in connection with exploiting the Heartbleed bug.
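The “bird” exchange above, as an added example that is not part of the original article and is not OpenSSL's code: a simplified C simulation showing the missing length check beside the corrected one. The server's memory is one constructed array, so the over-read stays inside it; the function names, buffer size and sample secret are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64
static char server_memory[MEM_SIZE]; /* constructed stand-in for server memory */
static size_t stored_len;            /* bytes the client really sent */

/* Store the payload, with another user's (constructed) data right behind it. */
static void receive_heartbeat(const char *payload) {
    memset(server_memory, 0, MEM_SIZE);
    stored_len = strlen(payload);
    if (stored_len > 16) stored_len = 16;   /* leave room for the neighbour data */
    memcpy(server_memory, payload, stored_len);
    strcpy(server_memory + stored_len, "password=EXAMPLE-ONLY");
}

/* Flawed behaviour: echo as many bytes as the client CLAIMS it sent. */
static size_t echo_vulnerable(size_t claimed_len, char *reply) {
    if (claimed_len > MEM_SIZE) claimed_len = MEM_SIZE; /* keep the simulation in bounds */
    memcpy(reply, server_memory, claimed_len);
    return claimed_len;
}

/* Corrected behaviour: if the claim exceeds what arrived, discard the request. */
static size_t echo_fixed(size_t claimed_len, char *reply) {
    if (claimed_len > stored_len) return 0;
    memcpy(reply, server_memory, claimed_len);
    return claimed_len;
}

/* Returns 1 if the first n bytes of reply contain needle. */
static int reply_contains(const char *reply, size_t n, const char *needle) {
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(reply + i, needle, k) == 0) return 1;
    return 0;
}

int main(void) {
    char reply[MEM_SIZE];
    receive_heartbeat("bird");              /* client sends 4 bytes... */
    size_t n = echo_vulnerable(30, reply);  /* ...but claims it sent 30 */
    printf("vulnerable reply (%zu bytes): %.*s\n", n, (int)n, reply);
    n = echo_fixed(30, reply);
    printf("fixed reply to the same request: %zu bytes\n", n);
    n = echo_fixed(4, reply);
    printf("fixed reply to an honest request: %.*s\n", (int)n, reply);
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the length that actually arrived.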
What Should I Do about It?
The news about the Heartbleed bug broke at a less than ideal time: tax season. To make things worse, keeping the example above in mind, changing passwords immediately may have actually made them easier to hack. However, since the bug has been patched, here are a couple of simple things to help you protect your privacy.
- Avoid Using the Same Passwords – It may seem elementary, but using different passwords on websites is one way to ensure that if your information on one site is compromised, your entire digital life isn’t.
- Pick Complicated Passwords – Picking a complicated password may make picking your specific password out of a string of letters and numbers more difficult.
Should I Still Be Concerned about Internet Security?
Privacy lawyers and code writers alike have agreed that Heartbleed was one of the biggest disasters in Internet security. In the aftermath of the disaster, Google, Cisco, and other tech giants have teamed up to help fund and work towards an improved OpenSSL. However, Internet security is simply code crafted by humans; it is therefore prone to human errors which can be exploited by hackers.