It appears there’s a new superbug in town. No, it’s not ecoli or some new form of [insert animal name here]-flu. In fact, this one has no biological existence, but that doesn’t mean it can’t irreparably damage yours. I’m talking about Heartbleed, the new super virus thwarting popular encryption codes and stealing passwords, credit card numbers and more.
Don’t let yourself fall victim to these kinds of attacks. Learn more about how to protect yourself from data theft. Because once your info is stolen, you could spend the rest of your life trying to get it back.
So What is it?
The Heartbleed bug is basically an exploitation of a vulnerability found in OpenSSL, an open-source encryption platform used by many, many companies. According to Business Insider, what happens is that, when computers are trying to communicate securely–i.e. through encryption–it sends a packet of information to the other computer as a means of confirmation. This is called a heartbeat. What the Heartbleed bug is is a malicious bundle of code passing itself off as a heartbeat, getting through the computer’s security and having the computer send back secure information, like passwords, credit card numbers, and, possible worse, encryption keys.
Who’s All Effected?
This is part of the problem: so many, many people! Many of the internet’s most popular sites–and not just American sites–are reportedly vulnerable. While many of the most popular sites and tools are currently unaffected (Google, Facebook, Microsoft, Dropbox), Yahoo and its subsidiaries like Flickr and Tumblr are exposed, and there have been many reports of Yahoo passwords being stolen by the heartbleed bug. Also exposed are Amazon, OkCupid, Slate, Steamcommunity, and many, many others.
So When Did it Appear?
This is also part of the problem. While the heartbleed bug just recently came to light, it appears the vulnerability used to run the bug has been there for some time, about 2 years. As the heartbleed bug leaves absolutely no trace, its possible sites have been under attack for 2 years!
What Can I Do?
Primarily, the change has to come from the company themselves, updating their encryption keys and software. On your end, you should change your passwords though, again, it won’t matter if the site has yet to update their software.