What you need to know about Heartbleed


What you should know…

It’s time to change your passwords… You have probably heard about Heartbleed already, but there are still some things you should know. Many major websites use an open source security protocol called OpenSSL. In 2011, its creators released an “update” with a very hidden design flaw. This flaw/bug allowed hackers to receive personal information from much of the internet (an estimated 2/3 of websites), which contains information such as session cookies and passwords. Affected websites include sites like Google, Facebook, DropBox, and so on. This threat has been around since 2011, but was only been discovered (by legitimate folks) on April 1, 2014.

Picture it this way…

Imagine someone installed a security system for your entire home, and this security system only allowed certain people in through the front door. Additionally, this security system was connected to every door and window in the house, and prevented any unauthorized entries. Now imagine that one window got missed during the installation, but no one ever knew. This window always stayed shut, but remained unlocked and unprotected. The homeowners might feel like their possessions were safe, until the day a burglar is caught entering through the unlocked window. This is kind of like what happened when the 2011 version of OpenSSL was released. Everyone assumed that their websites were safe, because no one had tried to enter through the “unlocked window.” Unfortunately, websites affected have been vulnerable for the last two years.

Since the discovery, almost all major websites have updated/patched their security encryption to prevent future attacks. In the mean time though, it is possible that our personal information and passwords are already stored in some hackers database. This means that it would be a good idea to change most of your account passwords, and especially the accounts with private content.

Remember to share...Share on FacebookTweet about this on Twitter