Experts are reporting that the Heartbleed Security issue is estimated to have impacted at least 60% of the internet, and that’s being optimistic. This article is intended to help you consolidate a few helpful online sources regarding this devastating bug and catch you up to speed if you’ve been living under a rock since the announcement of the Heartbleed.
What is Heartbleed?
Heartbleed is what we’re calling a bug that was discovered in the data encryption program “OpenSSL”. This wouldn’t be such a major concern if OpenSSL weren’t as widely used as it happens to be. Heartbleed allows sensitive information (we’re talking your passwords, credit card information, instant messages, e-mails, contacts, etc.) to be extracted from websites that were using a relatively recent version of the OpenSSL security software.
Although OpenSSL has issued a fix, the vulnerability dates back to December 2011. Because the Heartbleed bug was only very recently discovered, this means internet predators may already have your sensitive data.
The official website for Heartbleed information is Heartbleed.com.
How do I know if I’ve interacted with a website vulnerable to Heartbleed?
In short, there’s almost a 100% chance you have interacted with at least one or more Heartbleed-vulnerable website since December of 2011.
You probably recall at some point or another seeing a “lock” icon next to URLs in your web browser when the website is indicating to you that you are communicating via a secure website. However, this “lock” icon is also an indication that the website is using OpenSSL–the security software which was determined vulnerable to Heartbleed.
Github released a list of some of the most popular websites which were recently found to be vulnerable to Heartbleed. Rest assured that many of those websites have since applied the new OpenSSL software to fix the issue, but again, that doesn’t mean that your sensitive information has not been accessed and potentially stored by hackers waiting to strike.
If you would like to currently test the vulnerability of a website to Heartbleed, you may use this online scanner to instantly review the results.
What do I need to do about Heartbleed?
If you want to be sure that you’re taking adequate precautions, then you need to change your passwords after using the online scanner provided in the link above to ensure that the particular website you’re changing your password on is no longer vulnerable. If the website is still vulnerable, wait until it is secure and then change your password.
Here are two more helpful articles you should take the time to review if you would like further information about how to ensure your internet activity is secure: From VentureBeat.com and from TheWire.com.
If I am one of your clients, do I need to be worried about my confidential information?
If you are a client of the firm, know that we go out of our way to never store your confidential information online. As such, any confidential information you may have provided to our firm is not at risk from our end. However, by no means does this protect your personal interaction with any Heartbleed-vulnerable websites that are not associated with the Law Offices of Tristan C. Robinson, P.L.L.C. For example, if you use an e-mail server that was vulnerable to Heartbleed you should take immediate action to change your password.