Every once in a while, news comes out about a scary new internet virus or a widespread hacking that attacks a lot of important, high profile computers. It makes us all take a little closer look at our own computer accounts and our online behaviors. A new bug, called Heartbleed, has been two years in the making, having been identified as a flaw in OpenSSL, the security standard that most websites use to protect information. Unfortunately, Heartbleed stands to do some serious harm to our online environment.

Basically, connected computers or servers work by sending each other tiny packets of information, just to see if the other computer is still communicating. It’s kind of like testing the swimming pool with your big toe before jumping in. These packets, called heartbeats, are supposed to just ask for a response. But due to an error in the OpenSSL program, computers have begun sending back private information stored in their hard drives instead of that response.To put it mildly, this is a really bad development. Computers store all kinds of information, like user names, passwords, credit card numbers, and more. Even worse, Heartbleed has made it even easier for hackers to steal encryption keys.

Before you think that this won’t affect you because you don’t put private information on your home computer, please remember that Heartbleed is affecting web servers, those large electronic boxes that make it possible for a lot of computers to talk to each other. Your bank and credit card companies have servers, your doctor’s office probably has one, even your child’s school has one. If any of those places have any of your information, then you’re at risk.

The most important thing you can do—within reason—is to assume that your accounts have already been compromised. This programming error is two years old but has only just been discovered. Treat this situation as though you just got confirmation that your passwords to all of your accounts just got shared on the internet. Over the next few days as companies roll out software updates, be prepared to change your passwords, especially on sensitive accounts. Changing them right now might not help you since those bug fixes have to be put in place before your accounts will be secure again.

For the next several weeks, be aware of the bug and its possible effects on your content. Look over your sent email file, check your bank accounts and credit card statements securely and routinely, and make sure that if your computer wants to install an update that you don’t ignore it.

The problem with the OpenSSL programming has already been over the last few days (when the bug was first discovered), so now all that remains is for companies to release their updates to it and for you to download any updates from your service providers, operating system (like Windows), or accounts. For those of you who were planning to file your taxes online, the IRS has issued a statement that it was not affected by Heartbleed and that it is safe to go ahead and file. Other companies, like Yahoo, have said they were affected by the bug but that they have already repaired the problem.

When you do change your account passwords, remember to keep your passwords safe and protected, and share the news with other computer-savvy individuals who may not know what steps to take.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center's Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3

 

ITRC Sponsors and Supporters 

 

 

 

 

Go to top