Anyone with a presence on social media has likely seen reports about the latest bug stirring online security concerns. Reports claim that the Heartbleed bug has wormed its way into large and small websites across every corner of cyberspace. Before panicking, take a moment to distinguish the hype from legitimate concerns.
What is the Heartbleed Bug?
The Heartbleed bug affects websites that transfer secure information, such as passwords, emails or credit card numbers. The URL for these sites begins with “https” rather than the usual “http.” These sites often have a little padlock somewhere on the screen, indicating they are secure. The Heartbleed bug affects the encryption technology on these sites, tearing a small “hole” through which a savvy hacker may gain entrance.
The bad news: Once hackers infiltrate the secure site through the hole made by the Heartbleed bug, they may access a variety of data. According to www.heartbleed.com, an attacker may possibly obtain primary or secondary key material. Primary key material allows hackers to decrypt past, present and future traffic to the site, effectively permitting them to bypass data encryption. Secondary key material includes credentials such as user names and passwords. Hackers also may get in and out without leaving a trace.
The good news: Companies with affected websites may close the Heartbleed hole by applying a patch or replacing compromised OpenSSL certificates. Most of the larger companies with affected websites have already taken this step. Fixing the issue will not protect data that has already been taken, but it will prevent future breaches.
What can the public do to protect itself from the Heartbleed bug?
Steps which the online public may take to guard against damage from the Heartbleed bug may help protect against other viruses or hacking attacks, as well.
1) Change passwords. It’s a good time to change passwords on all sites. Choose strong passwords and don’t use the same password across multiple sites.
2) Review credit card and bank statements. Follow up on any unusual charges.
3) Visit the VOICE website (https://www.victimvoice.org/) both for tips to avoid being victimized by cybercrimes and also for information about what to do if you have been a victim.
Keep in mind, that scam artists may try to profit from the Heartbleed bug. Don't click links in unsolicited emails or give money to anyone you don't know making any kind-of promise related to this bug.
Actions law enforcement may take
Since there is, as of the writing of this article, no way to trace the hacker gaining entrance by means of the Heartbleed bug, law enforcement should focus on advising their communities about good Internet hygiene, which, as noted above, not only helps to prevent damage from the Heartbleed bug, but from other Internet viruses as well.
For more information:
Heartbleed-bug_250; 153874961 Copyright musiicman, 2014 Used under license from Shutterstock.com
Heartbleed-bug_250; 52650079 Copyright Natutik, 2014 Used under license from Shutterstock.com