The Heartbleed Bug – What you need to know

The latest in Internet security threats has sent a tsunami of panic throughout the cyber-world. Security gurus are labelling the Heartbleed Bug “catastrophic”, and since the news broke on 8 April, companies have been in a frenzy trying to combat it.

What exactly is the Heartbleed Bug?

‘Heartbleed Bug’ is the nickname given to a bug discovered in a piece of security software. The alarming thing is that the software, called OpenSSL, is used by almost every secure website on the internet! This ranges from banking websites to social media websites. The secure connection it provides is most recognisable by the little padlock image in the left-hand corner of most website pages.

The reason the Heartbleed Bug poses such a serious threat is that it has the potential to secretly expose sensitive information. The bug enables hackers to spy on private communications, and to steal password/username combinations and credit card numbers that were used on sites perceived to be secure.

Image courtesy of TheAtlantic

Which sites are affected?

The exact number of websites that have been rendered insecure by the Heartbleed Bug has not yet been confirmed, although it is estimated to be approximately 500,000 servers. That means access to private password/name combinations from half a million sites! This includes the commonly used Facebook, Twitter, Gmail, and Flickr. Below is a table of popular social media and commonly used sites to help you determine which sites have been affected:

| Name | Vulnerable? | Patched? | Change password? |
|---|---|---|---|
| Amazon | No | No need | Only if shared with vulnerable service |
| Amazon Web Services | Yes | Yes | Yes |
| Apple | Not clear | Not clear | Not clear |
| Barclays | No | No | Only if shared with vulnerable service |
| eBay | No | No need | Only if shared with vulnerable service |
| Evernote | No | No need | Only if shared with vulnerable service |
| Facebook | Yes | Yes | Yes |
| Google/Gmail | Yes | Yes | Yes |
| HSBC | No | No need | Only if shared with vulnerable service |
| If This Then That | Yes | Yes | Will force users to log out and ask them to update |
| LinkedIn | No | No need | Only if shared with vulnerable service |
| Lloyds | No | No need | No |
| Microsoft/Hotmail/Outlook | No | No need | Only if shared with vulnerable service |
| PayPal | No | No need | Only if shared with vulnerable service |
| RBS/Natwest | No | No need | Only if shared with vulnerable service |
| Santander | No | No need | Only if shared with vulnerable service |
| Tumblr | Yes | Yes | Yes |
| Twitter | No | No need | Only if shared with vulnerable service |
| Yahoo/Yahoo Mail | Yes | Yes | Yes |

Table courtesy of BBC

How long has the bug been an issue?

The Heartbleed Bug was introduced into the OpenSSL software in March 2012. This means that it has remained undetected for the past 2 years, surreptitiously affecting thousands of websites and services.

How to protect yourself

The million dollar question is: “What should I do to stay secure?”

Many websites that were believed to be vulnerable to the Heartbleed Bug have already developed security patches that are being employed to help fix this issue. However, until all websites have fixed the bug and a patched OpenSSL version is installed, here are a few helpful tips you can follow to protect yourself from the bug:

Image courtesy of LastPass

Change your passwords

Websites have released conflicting messages. Some recommend changing all of your passwords now, and then again once all sites have fixed the Heartbleed Bug. Others, however, say this is a waste of time, and suggest you should only change your password AFTER the Heartbleed Bug has been fixed by all sites.

Just to be safe, we recommend changing all of your passwords now, and then again once the patched OpenSSL has been officially released. The most important passwords to change are for finance-related sites (bank accounts and credit cards), email accounts, and all social-media accounts. However, as the saying goes: it’s always better to be safe than sorry.

Do not ever use the same password twice

It is imperative that you NEVER use the same password for more than one site! Ever. Even if one particular site is free from the bug. When you use your password on a site that is less secure, hackers can use this information to guess your password on other sites!

Abstain from exposing your credit card details

As a safety precaution, it is advisable to refrain from logging into your internet banking accounts, and to avoid entering your credit card details into any online sites (yes, this means no online shopping for the time being).

Check whether sites are still vulnerable

Click here to make sure that sites you are using are protected against the bug.

copyright FRANk Media 2018