Along Comes Heartbleed
It’s been a long time since we’ve had a big security scare on the web. But the biggest news lately is a new scare called Heartbleed. This new security flaw was discovered recently and has been exploited by many hackers to retrieve data from large sites. What Heartbleed does, is it exploits a security flaw in Open SSL, which is a data encryption standard that many websites and devices use to encrypt user data.
How Heartbleed works is that when you send an email or you’re on a chatting program your device sends a packet of data called a heartbeat on the web. Heartbleed essentially sends a disguised chunk of data that looks like one of these heartbeats and tricks your computer into giving information that it shouldn’t. Your computer doesn’t know the difference because it looks just like your other encrypted data. Hackers can siphon tons of data, and no one even knows that they are there. It’s a terrible thing, but it is some incredibly smart hacker ninjitsu. Too bad these awesome hackers can’t use their genius for good.
Apparently, upon research I found that this has been around for a couple of years, just no one really knew about it. The reason why this is so bad is that and has flown under the radar for so long. There’s no way of knowing whether or not that you have given up any of your personal data or not. Chances are you probably have but there’s no way of knowing because Heartbleed is disguised so well as your other data. Open SSL is on everything from smartphones to tablets and the software within.
What should you do about Heartbleed?
Honestly, nothing at the moment. The reason is many different websites or telling you to go online immediately and change all your usernames and passwords and all of your information. The problem with this idea is that many companies have not upgraded their systems yet. This means that hackers that are using the Open SSL vulnerability to their advantage can still get access to your new information. In other words, you would be changing all of your information for nothing. They could simply just get access to it again. What I think that we should do as a nation is that all major companies that provide services such as Facebook, email accounts, Twitter, LinkedIn and any other site or business that records personal data should upgrade their system and then notify you once it has been upgraded. Then you should update your username and passwords for all of your accounts. Otherwise you would simply be shooting yourself in the foot.
What do you think about the new Heartbleed vulnerability? Does this scare you and make you think twice about joining sites and putting in your personal information? If people weren’t paranoid before, they sure will be now. I would love to hear your thoughts on this issue. Please leave your thoughts and questions in the comment section below.