I’m sure you’ve heard about Heartbleed in the news in the last few weeks. But what is it? And should I be worried? Basically, it’s a very bad security flaw and yes, you should be concerned. Read on and I’ll explain why.
This vulnerability (which is actually 2 years old!) in the OpenSSL encryption software potentially let people discover your login and password information, even while you were using supposedly secure sites that display the encryption padlock.
Remember that you were taught ‘if the padlock is there then it is secure’? Well, not so much with this vulnerability.
SSL (Secure Sockets Layer, if you really want to know) is used by a lot of online services, such as Google, YouTube, Yahoo, Flickr, Facebook and Instagram, as well as Dropbox, Box, LogMeIn, Amazon Web Services, Tumblr, Reddit, GoDaddy, Netflix and Steam. If you have accounts with these companies, you may have received emails recently that mentioned something about it and explained what was at risk with them. If you haven’t, visit the respective websites and look for some sort of announcement.
So what can I do? Well, once you have confirmed that the company has fixed or ‘patched’ the Heartbleed problem, go and change your password. And see it as an opportunity to be more creative with passwords – don’t pick easy-to-guess passwords, and definitely use a different password for each online service.
If you are like me, you will have a large number of passwords for sites, which at times can be hard to remember. Use a well-known password manager such as LastPass or RoboForm to assist you there.
What have you read about the Heartbleed bug? Did you realise how serious it was? Leave a comment below.