May 13, 2014
Are you worried that a major security threat could affect your online business? If you have been following the most recent news during the past few weeks, you have legitimate reasons to be concerned. The Heartbleed bug is a massive risk factor that puts most of the info available online at great risk.
What Is Heartbleed and Why Should It Represent One of Your Main Concerns?
Security experts recently announced the presence of a very alarming vulnerability in OpenSSL, one of the most common data encryption standards, which basically enables hackers to get their hands on valuable information extracted from the most common services that we rely on every single day without questioning their security measures. We aren’t talking about a minor bug that could be easily eliminated by simply updating an app; we are dealing with a serious privacy threat impacting machines designed to power a wide range of services that are supposed to transmit 100 percent secure data, like Gmail or Facebook for example.
Could This Major Flaw Enable Hackers to Steal Our Confidential Information?
So the question is this: how can this OpenSSL flaw affect everyday people? OpenSSL is an encryption standard utilized by most Web pages that have to transmit info that all users plan to keep private. Whether you are chatting with a friend on Yahoo Messenger or trying to send an e-mail to a business partner, OpenSSL ensures a secure line and keeps your personal data private. At some point, a computer could send a packet of info known as a heartbeat requiring a response, to make sure that there is another computer at the other end of a totally secure connection. The OpenSSL flaw would enable hackers to use phony data packets disguised as heartbeats to make the computer share its stored data.
According to The Globe and Mail, 64 kilobytes of memory can leave your system with every single heartbeat; it may not sound like a lot, but 64 KB of memory can enable unscrupulous attackers to decrypt SSL sessions and get their hands on passwords and usernames.
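The missing length check behind the leak described above, modelled as an added example (it is not code from the original article or from OpenSSL). The function names, the memory layout and the secret string are constructed for illustration; the field sizes follow the heartbeat specification, RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER  3u   /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PADDING 16u  /* minimum padding after the payload (RFC 6520) */

/* Flawed: echoes as many bytes as the message CLAIMS to carry. Only the start
 * of buf came from the peer; the rest is whatever else the process stored. */
size_t echo_flawed(const uint8_t *buf, size_t buf_len, uint8_t *out, size_t cap)
{
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (claimed > cap) claimed = cap;
    if (HB_HEADER + claimed > buf_len)       /* keep this simulation in bounds */
        claimed = buf_len - HB_HEADER;
    memcpy(out, buf + HB_HEADER, claimed);   /* received length never checked */
    return claimed;
}

/* Hardened: the claimed payload plus padding must fit inside the bytes that
 * actually arrived (record_len); otherwise the message is silently dropped. */
size_t echo_checked(const uint8_t *buf, size_t record_len, uint8_t *out, size_t cap)
{
    if (record_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (HB_HEADER + claimed + HB_PADDING > record_len) return 0;
    if (claimed > cap) return 0;
    memcpy(out, buf + HB_HEADER, claimed);
    return claimed;
}

/* Constructed scenario: a request carrying `actual` payload bytes but claiming
 * `claimed`, held in memory just before a made-up secret. Returns reply size. */
size_t demo(int hardened, uint16_t claimed, uint16_t actual, uint8_t *out, size_t cap)
{
    uint8_t mem[128] = {0};
    size_t record_len = HB_HEADER + actual + HB_PADDING;
    if (record_len + 18 > sizeof mem) return 0;   /* scenario must fit in mem */
    mem[0] = 1;                                   /* heartbeat request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memset(mem + HB_HEADER, 'A', actual);
    memcpy(mem + record_len, "SECRET-constructed", 18);
    return hardened ? echo_checked(mem, record_len, out, cap)
                    : echo_flawed(mem, sizeof mem, out, cap);
}

int main(void) { uint8_t out[128]; return demo(1, 60, 4, out, sizeof out) != 0; }
```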
The bug was initially reported by Neel Mehta, Google’s security researcher, and was also identified by Codenomicon, a company that is currently offering security testing solutions designed to spot and address vulnerabilities associated with both third-party and in-house software. You may be wondering: how serious is this threat? Apparently, Heartbleed has been around for approximately two years; this is a pretty large timeframe that may have been put to good use by hackers who are up to no good. Basically, this notorious bug enables anyone to get inside the memory of most systems that were allegedly protected by flawed editions of the OpenSSL software. Since the secret keys utilized to encrypt user passwords, names and traffic have been compromised and are no longer a mystery for skilled hackers, attackers are free to steal valuable info directly from the most popular services that we all know, love and use on a daily basis, to impersonate users and to eavesdrop on online communication that should stay private. The thought that someone could actually get to control every single aspect of your life by simply intercepting your messages or going through your personal data is pretty scary. At the same time, it is also a part of our reality that we can’t afford to ignore. Content creators rely on Google, Yahoo and YouTube to create, distribute and promote their work in the most effective manner. If these channels are affected by this bug, what would be the best method to prevent or minimize losses and cope with the negative consequences triggered by Heartbleed?
Is There an Effective Method to Stop This Alarming Data Leakage?
As you may imagine, the Heartbleed bug has created quite a stir since it was announced. Apparently, websites that still use the OpenSSL vulnerable versions could still be considered an easy target for hackers. Fortunately, a fixed OpenSSL version has been made available. According to Heartbleed.com, both users and service providers are advised to implement the fixed version as soon as it becomes available for the software they are currently using.
Updating Your Old Password: The Simplest Method to Keep Risks at Bay
At this point, you may or may not have been affected by this bug. However, it is not too late to take a few extra precautionary measures to minimize risks. According to Mashable, you should start by changing your passwords. It seems that some of the most popular social media platforms, including Facebook, Instagram and Pinterest, also take this matter very seriously and advise users to update their passwords in a timely fashion to reduce their exposure to this major security threat. Some of these first-hand social networking websites affirm that they haven’t detected any signs of dubious account activity; however, they still encourage their users to reinforce their security measures by changing their password, especially if they use the same one on multiple Web pages. According to Yahoo Tech, your Android phone could also be impacted by this nasty little bug. Fortunately, a free app could let users know if their device is vulnerable to this threat.
Google also thinks that it’s better to be safe than sorry. This is why it recommends people change their passwords. Several services provided by Yahoo, including Yahoo Mail, Yahoo Search, Flickr, Yahoo Tech and Yahoo Food, were also patched. Apparently, Yahoo started to fix this pressing issue as soon as the company got the disturbing news about the bug. It seems that more patches are on the way. If you think that eCommerce websites managed to avoid this threat, you’re terribly wrong. Etsy, GoDaddy and Amazon Web Services were more or less vulnerable and had to be patched. All banks contacted by Mashable said they hadn’t been affected; however, some of them, including Venmo and American Funds, still let their clients know that it may be a good idea to update their username and password as soon as possible to avoid further complications.
What to Do When Staying Safe Is Your Only Valid Option
To avoid further Heartbleed attacks, you just have to implement a few simple solutions:
- Change the passwords for your accounts on different high-risk platforms, including Facebook, Yahoo Mail, Soundcloud, Intuit, OKCupid, Tumblr, Gmail, GoDaddy and Dropbox.
- Make sure you don’t use a terribly predictable password (1234 or your date of birth is certainly not the most inspired pick).
- Create one unique password for every single account that you have.
- There are also a few useful services like https://filippo.io/Heartbleed/ that enable you to test any website on your own and find out if it has been impacted by this bug. To get an answer, simply enter the URL of the website that you consider suspicious.
- You can also choose to avoid websites that are considered vulnerable to this security threat (an updated list of websites that are allegedly impacted by this bug was introduced by Digital Trends).
Prevention Precedes Cure!
You know what they say: prevention is better than cure. If you are worried that you may become the next victim of skilled hackers who use the Heartbleed bug to their best advantage, protect your content by opting for a new strong password and use special security testing services to verify any website you don’t fully trust.
Julia McCoy is a serial content marketer, entrepreneur, and bestselling author. She founded a multi-million dollar content agency, Express Writers, with nothing more than $75 at 19 years old. Today, her team has nearly 100 expert content creators on staff, and serves thousands of clients around the world. She's earned her way to the top 30 worldwide content marketers, and has a passion for sharing what she knows in her books and in her online course, The Content Strategy & Marketing Course. Julia also hosts The Write Podcast on iTunes.