April 10th, 2014

Heartbleed: What It Is And Why You Should Be Concerned

by Steph DeLuca

People’s personal data across the Web are susceptible to a new security bug. The bug has been dubbed Heartbleed, a simple security bug in an ambiguous piece of software that could compromise the sensitive information of millions. More and more people are paying attention to it, and for good reason.

Bruce Schneier, an internationally renowned security technologist, has declared Heartbleed catastrophic.

“‘Catastrophic’ is the right word. On the scale of 1 to 10, this is an 11.”

The Problem.

Simply put, there is a hole in the software that websites use to encrypt your personal information. Heartbleed allows hackers to access the contents of a server’s memory, where usernames, passwords, and credit card data are stored. It can compromise the session keys that keep you logged into a website, allowing an outsider to pose as you without any passwords. Hackers are also able to obtain copies of a server’s digital keys – meaning they can impersonate servers and decrypt communications from the past.

The Severity of the Problem.

There is no way to know when or if you have been hacked. All we know is that there is a good chance that you’ve been affected directly or indirectly, and websites utilizing OpenSSL encryption are likely to be compromised.

“It’s a serious bug in that it doesn’t leave any trace,” David Chartier, chief executive at Codenomicon, told the New York Times.

What our Programmers Say.

Before rushing to change passwords, check websites affected by Heartbleed. If the website tests as Safe, it would make sense to change your password. But The Atlantic reports that deciding whether to wait or to change it right away is a bit of a catch-22. Changing a password on a website that has not yet been fixed could be an issue if the hacker begins watching it after you’ve made the changes.

At the end of the day, there is no security like a strong password. You can use applications to generate strong, effective passwords to help protect against hacks like Heartbleed.