What is Heartbleed?
Heartbleed is a security flaw that affects Windows, Mac, Linux, Smartphones and tablet users. It can affect your email, instant messaging, and even your cloud storage.
Heartbleed – what a name! Conjures up a sudden urge to update one’s First Aid Certificate, doesn’t it. Well, it is a well deserved name as it is one of the most significant threats to security in the history of the world wide web.
The Finer Details
Heartbleed is an Open Secure Sockets Layer (SSL) (aka Transport Layer Security (TLS)) security vulnerability that steals protected information by the SSL/TLS encryption software library. SSLTLS encryption is used to secure the internet, under normal conditions. It poses online security issues for applications such as emails, instant messaging, virtual private networks and other websites using Open SSL encrypted certificates.
Heartbleed also allows anyone on the internet to read information on websites that are using Open SSL. This compromises any website vulnerable to Heartbleed. Heartbleed hackers can steal data, eavesdrop on communications and even impersonate services and users. This is because Heartbleed gives them access to personal information like your name, address and financial details like your credit card number, among others.
How can you avoid it?
Commerce websites using Open SSL are the primary target of hackers because it makes it easy to get credit card details and other pertinent information you would not normally share on other sites. Still, while these sites are vulnerable to Heartbleed, not all commerce and Open SSL sites are affected by this alarming security flaw. LastPass, a popular online password manager and form filler, has a Heartbleed checker which allows you to individually check the vulnerability of a website. You can also check the status of the top 100 websites at Cnet.
Before entering log-in details, or any details for that matter, on a website, make sure that they are not vulnerable or that they have patched the security vulnerability. Check the status of a website using the tools above. If a website is vulnerable, avoid visiting that website until they have taken care of the security issue. If the site was not affected or has already patched the problem, continue as before. Still, it wouldn’t be a bad idea to change your password. Just make sure you do so after being notified that the website has patched their security issues. Changing your password before they’ve secured their site is practically the same as handing the hacker your new password! Ouch!
Another way to protect yourself and your information from Heartbleed-vulnerable websites is to add browser extensions that warn you of what sites are affected by Heartbleed. One example is Chromebleed which is designed for Chrome browsers. Firefox also has their Heartbleed browser extension – Foxbleed. Unfortunately, Firewalls and Anti-Virus software are of minimum help when it comes to being exposured to Heartbleed.
For further reading on Heartbleed go to: http://en.wikipedia.org/wiki/Heartbleed