NW3C News
A Leading Source for Economic and High-Tech Crime Prevention

Heartbleed Bug Creates Internet Security Worries

by Kim Williams  -   April 10, 2014
heartbleed-bug_250

Anyone with a presence on social media has likely seen reports about the latest bug stirring online security concerns. Reports claim that the Heartbleed bug has wormed its way into large and small websites across every corner of cyberspace. Before panicking, take a moment to distinguish the hype from legitimate concerns.

What is the Heartbleed Bug?

The Heartbleed bug affects websites that transfer secure information, such as passwords, emails or credit card numbers. The URL for these sites begins with “https” rather than the usual “http.” These sites often have a little padlock somewhere on the screen, indicating they are secure. The Heartbleed bug affects the encryption technology on these sites, tearing a small “hole” through which a savvy hacker may gain entrance.

The bad news: Once hackers infiltrate the secure site through the hole made by the Heartbleed bug, they may access a variety of data. According to www.heartbleed.com, an attacker may possibly obtain primary or secondary key material. Primary key material allows hackers to decrypt past, present and future traffic to the site, effectively permitting them to bypass data encryption. Secondary key material includes credentials such as user names and passwords. Hackers also may get in and out without leaving a trace.

The good news: Companies with affected websites may close the Heartbleed hole by applying a patch or replacing compromised OpenSSL certificates. Most of the larger companies with affected websites have already taken this step. Fixing the issue will not protect data that has already been taken, but it will prevent future breaches. 

What can the public do to protect itself from the Heartbleed bug?

Steps which the online public may take to guard against damage from the Heartbleed bug may help protect against other viruses or hacking attacks, as well.

1)      Change passwords. It’s a good time to change passwords on all sites. Choose strong passwords and don’t use the same password across multiple sites.

2)      Review credit card and bank statements. Follow up on any unusual charges.  

3)      Visit the VOICE website (https://www.victimvoice.org/) both for tips to avoid being victimized by cybercrimes and also for information about what to do if you have been a victim.

Keep in mind, that scam artists may try to profit from the Heartbleed bug. Don't click links in unsolicited emails or give money to anyone you don't know making any kind-of promise related to this bug. 

Actions law enforcement may take

Since there is, as of the writing of this article, no way to trace the hacker gaining entrance by means of the Heartbleed bug, law enforcement  should focus on advising their communities about good Internet hygiene, which, as noted above, not only helps to prevent damage from the Heartbleed bug, but from other Internet viruses as well.

For more information:

http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html 

http://www.intego.com/mac-security-blog/heartbleed-openssl-bug-faq-for-mac-iphone-and-ipad-users/

http://mashable.com/2014/04/09/heartbleed-questions-answered/

 

Photo credit:
Heartbleed-bug_250; 153874961 Copyright musiicman, 2014 Used under license from Shutterstock.com
Heartbleed-bug_250; 52650079 Copyright Natutik, 2014 Used under license from Shutterstock.com

 

Follow Us On

Follow/Like NW3C on Facebook

Follow NW3C on Twitter

View the NW3C channel on YouTube



Submit Your News
or Story Ideas


submit-news-article-idea


NW3C Training


View Training Calendar   Training Calendar


NW3C Contact

Phone:    (804) 273 - NW3C
 (800) 221 - 4424   

Email: informant@nw3c.org

© 2012. NW3C, Inc. d/b/a the National White Collar Crime Center. All Rights Reserved.
Disclaimer | Privacy Policy | Sitemap