Heartbleed: What it is and how to stay safe
Heartbleed - in a nutshell.
There's been a lot of hype surrounding something called Heartbleed in the last few months. I've stayed out of the fray until now, simply because there has been such a lot of data to gather and evaluate before I write you all and because frankly, it doesn't do to get all worked up without said data with which to make an informed decision.
First of all. Heartbleed is not a virus or any other malware.
What it is, though, is a security hole in a heavily used software standard for secure internet data. So what did Heartbleed do? Most simply put, it allowed a great deal of private and supposedly secure personal data to be exposed. This data was freely given to the hackers who exploited the security hole simply because they asked the server the right questions.
Now, a server is just a big computer that you request information from in the form of web pages and search results. If you ask the server the right question, the right way, you get the answer you were looking for.
With the Heartbleed exploit, unscrupulous people could ask the wrong question the right way, take advantage of the server, and get a ton of information back, including sensitive information such as passwords, banking data, credit card numbers.etc. Here's a great web comic at xkcd.com that actually explains it pretty well.
When in danger, when in doubt, run in circles, scream 'n shout?
No. Not really. In the intervening weeks since the news on Heartbleed went public, the big companies who were potentially affected applied software patches to fix the hole in security, and at present, Heartbleed is felt to be a comparative non-issue. Will there be future repercussions? Quite possibly. What they are and how they will affect us as individuals, if at all, remains to be seen.
click to view cnet's list of Heartbleed affected sites
What should you do to stay safe?
Well, minimally, if you haven’t changed your banking passwords in 6-12 months - or ever, now is a very good time to do so. Make a list of banking sites, investment companies etc that you do business with online and go and change your passwords. Use what you've learned in my classes to make them strong.
Another good safety tip is to start using Google Chrome as your web browser; especially now that Internet Explorer has been targeted by homeland security as unsafe for use.
Do the above steps, use good anti-virus such as AVG, browse safely and you should be just fine. If you need a little more reassurance, just give me a call. I'll be glad to help.
A more 'techie' article on heartbleed