The dangers of the Heartbleed bug

Last week, the Heartbleed bug made world headlines upon its discovery. Heartbleed is a bug that affects OpenSSL, one of the most common encryption technologies on the internet. While it is unclear whether any information has been stolen through the Heartbleed bug, security experts are worried because the bug went undetected for more than two years before discovery. However, there are some things to keep in mind that will ultimately help keep you and your personal information safe. Most importantly, the only affected Elon service is email accounts utilizing Gmail (in general, student accounts). If you have a Gmail account, you should change your password immediately.

How does the Heartbleed bug work?

According to the Washington Post, Heartbleed was discovered by researchers from Google and the Finnish security firm Codenomicon. The Post explains that Heartbleed “creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and ‘https:’ on Web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock is closed.”

The danger here is that the flaw leaves millions of passwords, credit card numbers, and other personal information at potential risk. The good news: there is no indication that hackers caught wind of this before researchers did, though it is hard to tell whether any information was actually stolen through the Heartbleed bug.

The problem is fixed, right?

Yes and no. A fix for OpenSSL has been released, which remedies the Heartbleed bug. However, it is up to website administrators to ensure that the patch has been applied. According to CNNMoney, many popular sites such as Amazon, Google, Yahoo, eBay, Expedia, Netflix, Facebook, Wikipedia, and OKCupid have announced that the Heartbleed bug has been fixed for their sites. Additionally, the IRS released a statement assuring the public that its systems were not affected by the bug and that it is able to continue to accept tax returns as normal.

So what can I do?

The problem with the Heartbleed bug is that 81% of websites run web server programs that are vulnerable to the flaw. The short answer is that you’ll want to change all your passwords. But that won’t do any good unless the patch has been applied to that website. As a result, security experts suggest you log out of all websites where you have an account (e.g., online banking, email) until you know that the problem has been fixed.

It’s certainly impossible to log out of all technology in today’s world. However, Italian cryptography and security expert Filippo Valsorda has developed a Heartbleed bug detector tool. Visit the Heartbleed test and enter the web address in question. If the website comes back clear, you should go ahead and change your password. If it comes back as unsafe, you’ll want to wait a little while longer before changing your password, because changing it before the site is fixed won’t do you any good.

Remember, Elon sites passed the Heartbleed test; so, unless you’ve responded to a phishing scheme lately, your passwords here are still safe.


Ryan Gay


Ryan is the Manager of Service Management & IT Project Lead for Instructional & Campus Technologies. He has received both undergraduate and graduate degrees in English from UNC-Greensboro.
