
As you probably know, in the past few weeks, Heartbleed was a very big story in the news. Some commentators misrepresented it as a virus. Although it definitely affected Internet security, Heartbleed is not a virus and it cannot be spread from computer to computer. Here’s a rundown on just what it really is and what you need to do about it.

Heartbleed is a programming defect in a widely used piece of security software called OpenSSL, which runs on computer servers. Heartbleed is a very big deal because the affected software is used by about 2/3 of the servers used in web transactions. It is used for secure connections, which are indicated by the “https:” in the address of the website. Many online merchants, web mail providers, and banks use it and were affected. Although the software has been in use for several years, the flaw was only recently exposed.

The cause was some faulty code written into this security software. Yes. Some human made a mistake, or at least didn’t think through the implications of what he or she was coding.

Just in case you’re wondering, the faulty code is found in an area of the OpenSSL code known as the TLS Heartbeat Extension. That’s how Heartbleed got its name. A logo was also developed for Heartbleed – an obvious bleeding heart. This was done in an effort to get the word out about this flaw and to get everyone to patch their systems.

Fortunately, Google, Amazon, Yahoo, and many of the big banks and merchants were able to patch the code and correct the situation quite quickly. Unfortunately, smaller websites may not be so proactive, so the flaw may be used by hackers to gain access to some data from those websites.

As a consumer, there is little that you can do to rectify this situation. It is almost entirely in the hands of the website operators. You have probably heard that resetting your passwords will keep you safer. Many banks are sending letters to their customers letting them know that they have fixed their systems and alerting them to the fact that they should change their passwords. As I write this on April 24th, most banks and large merchants have patched their servers and are safe. If you have any questions about it, you should call your bank and make sure that they are secure and then change your password. For extra security, you can also change your passwords for shopping sites like Amazon. Remember that this only affects websites that have https: in their address. So don’t worry about visiting information websites like compukiss.com.

Simply for safety’s sake, you should change your banking password on a regular basis. Also, be sure that your banking password is unique and is not used in other places.