Let me explain a little bit. I’m talking about “The Heartbleed Bug”, a recent security threat that is affecting hundreds and thousands of websites. You have more than likely seen a lot of press in the last couple of days about the ‘Heartbleed Bug’, whether on BBC News, on the radio or online. It’s basically a compromise in Internet privacy and security systems that affects websites running on a certain type of server.
The following statement is from the Heartbleed website: http://heartbleed.com/
‘The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.’
Although it is unlikely that many of the websites you use were targeted during the small time frame between when the vulnerability was published and when they were patched, it’s worth checking to see if you’re safe. There are a few things you can do, starting with changing your passwords on any websites that you know have been affected. You may have had an email from companies requesting you do so. But beware, there are a couple of tips you should follow.
1. If you get a “Password Reset” email notification that you didn’t request, never click on the link in the email.
2. Always open a new web browser window, navigate to the site yourself, log in, and then change the password that way.
Here’s some more advice:
Luckily, there are already a couple of ways you can test to see if a site is vulnerable, or has been affected.
If you use Google Chrome as your web browser, you can download a Chrome extension, “Chromebleed”, which will warn you when you navigate to a site that has been affected.
Here’s the link to the extension: https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic
But perhaps the most useful method is a website where, if you’re unsure of a site, you type in its web address and submit it, and it will then test to see if the site has been affected.
Here’s the link to the website: http://filippo.io/Heartbleed/ (Pictured above)
Now of course – the two methods I have mentioned above are not foolproof and shouldn’t be used as a guarantee. If you’re in any doubt, contact the website support team to find out more. Anyway, hopefully this helps!
Edit: Below is a list of websites that are known to have been affected.
– www.google.com – Please note, Google has said that users don’t need to change their passwords, but better safe than sorry…
The above list was compiled via www.mashable.com and Google.