Heartbleed bug bleeds out

By Caleb Hennington
On April 17, 2014

Have you been on the Internet lately? Have you been on it anytime in the last two years?

Chances are, unless you’re Amish or live in the middle of the Sahara desert, you have been on the Internet in the last few days, hours, minutes, or even right this second as you’re reading this article. And there’s also a good chance that a lot of your personal information, such as passwords to online banking, email and social media sites, and credit card numbers, has been stored on the Internet in hopes that it will be safe and secure from all those who would hope to steal it from you.

Recently, word has gotten out that the security used to protect sensitive information from digital plunderers was, unfortunately and at a potentially grand cost, nowhere near as secure as previously thought. A new security breach, codenamed the Heartbleed bug, sent shockwaves to Internet users all over the world last week, as developers from big name sites, such as Facebook and Tumblr, tried to warn users they needed to change their passwords as soon as possible.

The Heartbleed bug is basically a flaw in the security used by a vast majority of websites to make sure that information submitted by users, such as passwords and credit card numbers, is safely stored away from Internet hackers. Heartbleed.com, a website created after the bug was discovered, describes the bug as “a serious vulnerability in the popular OpenSSl cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.”

It also says the Heartbleed bug allows attackers to “eavesdrop on communications, steal data directly from the services and users, and to impersonate services and users.”

In less techie terms, normal SSL encryption works like this: when you open up a website on your computer, your web browser sends out a request to the website asking the site to identify itself. The website then sends out its own personal certificate to your web browser for identification. Once your browser identifies the website’s certificate, it sends out another signal to request encryption, and then the website allows the encryption. It works like a padlock for your website browsing, so your personal data isn’t shared with anyone besides your computer’s web browser and the website.

You can also think of it like when you were a kid and you used a secret password to get into your fort. Only you and the fort’s “guard” is supposed to know the password, but there’s always that untrustworthy brat that spills the beans to the weird kid down the block, ruining the sanctity of your secret fort, and pretend time, forever.

Investigators estimate about two-thirds of all websites use OpenSSL and were affected by the Heartbleed bug, so there is a very likely chance that you were affected by it and just don’t know it yet.

So what are the best options for saving personal info? Since the bug was announced, websites everywhere have scrambled to patch the hole and update their SSL to prevent this from happening again in the future.

Mashable.com created a list of the main websites that were probably affected by Heartbleed, which includes Facebook, Instagram, Pinterest, Tumblr, Gmail, Yahoo Mail and Netflix. Some sites, such as LinkedIn and Amazon, were saved from the bug thanks to their use of a different security than OpenSSL.

But to be on the safe side, the Internet as a whole is encouraging all users to change their passwords on any website they routinely use. This will prevent any precious information from being stolen by Cybercriminals.

So take a few minutes out of your busy schedule, change your passwords and live without the worry of someone stealing from you. You’ll be sorry you didn’t once you notice Cletus Smith of Birmingham, Ala. pinning pictures of motorcycles and inspirational “Roll Tide!” quotes to your “Wedding board” on Pinterest.

Get Top Stories Delivered Weekly

From Around the Web

More ASU Herald News Articles

Recent ASU Herald News Articles

Discuss This Article



Log In

or Create an account

Employers & Housing Providers

Employers can list job opportunities for students

Post a Job

Housing Providers can list available housing

Post Housing

Log In

Forgot your password?

Your new password has been sent to your email!

Logout Successful!

You just missed it! This listing has been filled.

Post your own housing listing on Uloop and have students reach out to you!

Upload An Image

Please select an image to upload
Note: must be in .png, .gif or .jpg format
Provide URL where image can be downloaded
Note: must be in .png, .gif or .jpg format