Beware of the Heartbleed bug

Heartbleed. It’s a word that almost instantly became synonymous with unprotected software and malicious attacks. We live in a world where the lifeblood of communication, productivity, and innovation relies heavily upon the interconnectivity of machines. Amoral electrical impulses flood our world with data and knowledge, with the moral use of those signals lying solely with the user. Herein lies the greatest challenge to modern-day computing: black hat hackers, netizens who carry the unique distinction of causing mayhem online, whether through identity theft, website defacement, or sailing the burgeoning seas of bitcoin theft. Heartbleed is the most recent high-profile bug, and one which allows hackers to carry out malicious attacks on unsuspecting companies and users.

The bug was first discovered by Google Security Team employee Neel Mehta and reported to the OpenSSL Software Foundation on April 1, 2014. OpenSSL is an open source implementation of the Secure Sockets Layer (SSL) protocol, which enables secure, encrypted communication over the internet. Heartbleed allows a user to bypass this secure protocol and take 64 kilobytes of random data from a server with each attempt. In an age where a 1-terabyte hard drive is common, 64 kilobytes may seem insignificant. However, if the attack is carried out continuously over even just a short period of time, credit cards, private account information, and any of your personal details can be stolen from an unprotected server.
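Why 64 kilobytes per attempt? The simplified C model below is an added illustration, not code from this article or from OpenSSL. It follows the TLS heartbeat message layout from RFC 6520 (one type byte, a 16-bit length, the payload, at least 16 bytes of padding) and places the flawed echo beside the length check that closes the leak. The function names, the sample record, and the "constructed-secret" neighbour data are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_PADDING = 16 };
/* Length the sender claims: a 16-bit field, so at most 65535 bytes (about 64 KB). */
static size_t claimed_len(const uint8_t *rec) { return ((size_t)rec[1] << 8) | rec[2]; }

/* Vulnerable pattern: echoes as many bytes as the sender claims to have sent. */
size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                                /* real record size never consulted */
    size_t n = claimed_len(rec);
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);  /* can run past the record */
    return HB_HEADER + n;
}

/* Hardened form: drop the request unless header, payload and padding all fit. */
size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t n = claimed_len(rec);
    if (HB_HEADER + n + HB_PADDING > rec_len) return 0;  /* silently discard */
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, n);
    return HB_HEADER + n;
}

/* Constructed demo: a 5-byte record claiming 32 bytes sits beside other data in a
   64-byte buffer standing in for server memory. Returns 1 if the reply exposes it. */
int demo_leaks(int use_check)
{
    static const char neighbour[] = "constructed-secret";
    uint8_t mem[64] = { HB_REQUEST, 0x00, 0x20, 'h', 'i' };
    uint8_t out[HB_HEADER + 0xFFFF];
    memcpy(mem + 5, neighbour, sizeof neighbour - 1);
    size_t len = use_check ? hb_reply_checked(mem, 5, out)
                           : hb_reply_unchecked(mem, 5, out);
    for (size_t i = 0; i + sizeof neighbour - 1 <= len; i++)
        if (memcmp(out + i, neighbour, sizeof neighbour - 1) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("unchecked leaks: %d, checked leaks: %d\n", demo_leaks(0), demo_leaks(1));
    return 0;
}
```

A well-formed request, where the claimed length matches what was sent, is still echoed by the checked version; only the mismatched one is dropped.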

Upon discovery in April, it was estimated that 17 percent of the internet was affected, amounting to around half a million websites. While companies have since begun patching their website servers, below are some steps you can take to make sure you’re protected.

1. Don’t change your password yet!

Yes, it may seem counterintuitive — after all, we’re always told to reset our passwords after a security breach — but you’ll want to wait to change your password. Once companies patch the flaw, then change away. A good way to test which companies have updated their servers is to browse to https://filippo.io/Heartbleed/. Simply input the name of the website and you’ll know right away if it’s safe!

2. Effectively manage your passwords

Strong password management can go a long way in helping you stay one step ahead of the attackers. Be sure to use different passwords when creating new accounts. This will prevent hackers from acquiring that “one ring to rule them all,” a scenario in which a single password furnishes complete access to all of your accounts.

A password manager provides an easy way to keep track of this box full of passwords you’re likely to have. LastPass (www.lastpass.com) has set the standard for rock solid online password management, not only providing a free and easy-to-use web interface, but also coming with the added benefit of Chrome and Firefox extensions to automatically fill in your data within those browsers. For offline encrypted password storage, KeePass (http://keepass.info/) will more than meet your needs by providing searchable, easily managed password lists. Both managers will also create the cryptographically secure passwords they store, so no more racking your brain to come up with a hard-to-crack sequence.
