Last week, we discussed the number of people using the same low-security passwords for multiple sites. This week, we are examining the fallout of “Heartbleed”, which has been referred to as the worst bug to hit the internet. So what does this mean for the everyday internet user? Let’s first examine what this ‘super bug’ is and what makes it so different from other security threats we have seen in the past. Heartbleed is the result of a flaw in the code that servers rely on to keep connections secure.
A quick explanation for the layman:
Everything you see on the internet and every piece of data you input, from credit card details through to your D.O.B., is stored on servers (think of a server as a massive USB stick). Next time you go to a bank’s website, notice that the address changes from the standard http://www to https://www. That little ‘s’ lets you know that your connection to the site is now secure, which is also referred to as SSL encryption.
So what happens when there is an error in the SSL code? Meet Heartbleed. It is a very serious bug in OpenSSL, the most popular open source cryptographic library, affecting over 500,000 servers. Researchers with Google and Codenomicon discovered the vulnerability last Tuesday, with an immediate alert being issued by the Department of Homeland Security. What makes this bug even scarier is that Finnish security firm Codenomicon ran a test on their own services, and were able to attack themselves from outside and leave without a trace. In other words, there’s the possibility that hackers could have accessed any number of servers and stolen sensitive information without anyone being the wiser.
So why haven’t you been told about it? Well, there’s a good chance that the website owners don’t know if they were affected and/or things are getting swept under the rug. Keep in mind this bug has been around for 2 years, and it took the greatest tech minds in the world to discover it only recently. But rest assured, the big 4 banks are telling us that they knew about the bug and had measures in place. Maybe I’ll just leave that one for you to decide: do you trust your bank?
So what now? Well, security updates have been made, but that doesn’t mean that you are not at risk. If your username and password have been exposed to this recent threat (keep in mind there’s a good chance you will never know), then there is nothing stopping someone from gaining access to your secure information, now or in the future. The moral of the story: change your passwords. Some of the affected sites include the Myer Visa Card and Myer Card websites, as well as the Coles Mastercard site and GM money. For a rundown of US-based sites, visit Mashable’s list.