4 Facts You Need to Know About the Heartbleed Threat
Written by: Mike Randall
Edited by: Lillian Guevara-Castro
The Internet security threat known as Heartbleed has been all over the news recently.
For those of us who aren’t quite sure whether this is the latest vampire series or something we really need to be concerned with, here’s what you need to know about Heartbleed.
1. This isn’t a virus.
Your computer can’t be infected with Heartbleed. It’s a vulnerability or “bug” in a protocol used by computers to perform secure transactions.
In fact, there isn’t anything a typical user can do except to change their passwords, but before you start doing that, read on.
2. The Heartbleed bug uses a flaw in OpenSSL.
This is a set of encryption tools used by some servers to establish secure connections over the Internet.
The flaw exposes small amounts of data that reside in a server’s memory to be gathered by a client that has established a secure connection with the server. If this extraction is done repeatedly over time, a lot of information can be harvested, including transaction and security information.
“Awareness is our best defense
against the bad guys out there.”
3. Not every secure Internet transaction is at risk.
It’s important to recognize that although OpenSSL is a popular tool for performing secure transactions, not all servers use it. By the time it was found and made public, there was already a fix for the vulnerability.
However, it’s unclear how many computers still have the flaw and whether it’s been exploited by any individuals or groups intending to do harm.
4. There is one surefire way to protect yourself.
What can we do to protect ourselves? As I said previously, changing passwords on your accounts is the only real protection we have.
However, you need to be sure the flaw has been fixed on the website you’re communicating with. Otherwise you would just be exposing your new password to potential theft.
So far quite a few companies have developed tests that can show whether a website has been fixed and the vulnerability threat eliminated. You also can check with the company directly.
Once you’ve confirmed a company you perform secure transactions with has fixed the problem, change your passwords.
This also is a good time to strengthen your passwords, being sure to use a combination of letters, numbers and characters. You should never have a password that is a common name or includes only numbers or letters. These are easy to crack and can leave you vulnerable.
Security threats, viruses and bugs are just a fact of life in our modern connected world. We should all get used to regularly changing our passwords and keeping our security software up to date.
Awareness of the threats and doing everything possible to prevent them is our best defense against the bad guys out there. Do your part!
Photo source: static.zdnet.com
Advertiser Disclosure
BadCredit.org is a free online resource that offers valuable content and comparison services to users. To keep this resource 100% free for users, we receive advertising compensation from the financial products listed on this page. Along with key review factors, this compensation may impact how and where products appear on the page (including, for example, the order in which they appear). BadCredit.org does not include listings for all financial products.
Our Editorial Review Policy
Our site is committed to publishing independent, accurate content guided by strict editorial guidelines. Before articles and reviews are published on our site, they undergo a thorough review process performed by a team of independent editors and subject-matter experts to ensure the content’s accuracy, timeliness, and impartiality. Our editorial team is separate and independent of our site’s advertisers, and the opinions they express on our site are their own. To read more about our team members and their editorial backgrounds, please visit our site’s About page.
