Heartbleed

If you haven’t already heard, a very large security issue was discovered in the past few days, and it’s been named Heartbleed. I’ll spare the technical details, but it allows someone to access data that is in a server’s memory. The worst part is that, while we know how many major websites were affected by this, we have no idea how many hacks there have been. It could be that this issue was found before any data was stolen, or it could mean that a few hackers/governments now have all your passwords to major sites (and possibly credit card info).

Should you freak out? What should you do?

Don’t freak out. The only thing you should really do is review your credit card once or twice a month to ensure all the charges on it are yours. This is a good idea anyway. Most credit cards handle fraud quickly and easily, refund the charge, and let you get a new card number if something does happen.

What is affected? The number of affected sites is unknown, but the major ones are Facebook, Instagram, Pinterest, Tumblr, Google, Yahoo, Amazon, and Dropbox.

What should you do? Based on the type of data that could have been stolen, the best thing you can do if you wish to maximize your protection is to simply change your password (I would change it next week, to ensure all these sites have updated and patched for the fix).

I’m curious – what was the actual issue?
To put it in non-computer terms, imagine that a website has a large guest log, like a hotel (servers actually do). In this guest log, you have to verify that you are who you say you are to access the hotel. When you come in, you give your name, your address, and your personal information to confirm your identity. In the future, if you want to come back, you can simply say hello to the guard, and the guard will say hello back. In this case, the security guard would normally use their hands to cover up the other guests’ information (as you shouldn’t be seeing other people’s information). What this bug did was allow you to essentially move the security guard’s hands so that you could see a few more rows in the guest log.

Now, this guest log contains much more than just login information; it contains requests for pages, encryption keys, etc. But it is all sensitive information in some fashion. Put in a visual form: http://xkcd.com/1354/
