There hasn’t been a computer security bug around for a while that we needed to worry about.
Sadly, it appears that we’ve all been facing one for the past two years and not realised.
What is the Heartbleed computer bug?
Over the past few days, a major security flaw was announced by security researchers. OpenSSL is a widely used data encryption standard. It keeps data that users submit secure.
The encryption makes data sent by users look like nonsense to anyone else except the intended recipient. From time to time, one computer may want to check if there is still another computer at the end of a secure connection.
To do this it will send what is called a heartbeat. It’s a small packet of data, and it asks for a response.
The online security system can be tricked
Due to a programming error made when OpenSSL was implemented, security researchers found that they could send a disguised packet of data, made to look like a heartbeat, in order to trick the computer at the other end of the secure connection into sending data it had stored.
This flaw was initially reported to the OpenSSL team by the Google researcher Neel Mehta, and it was independently found by a security firm called Codenomicon.
The problem has been in OpenSSL for two years, and taking advantage of it leaves no trace.
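The heartbeat check described above can be sketched in C. This is an added example, not OpenSSL's code or anything from the original article: it assumes the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding) and shows the bounds check that the vulnerable handler lacked. All function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: an honest request ("hi" plus 16 padding bytes) and
 * one that claims 0x4000 payload bytes while the record holds only 21. */
static const unsigned char HB_HONEST[21] = {HB_REQUEST, 0x00, 0x02, 'h', 'i'};
static const unsigned char HB_LYING[21]  = {HB_REQUEST, 0x40, 0x00, 'h', 'i'};
static unsigned char hb_out[64];

/* Bytes a length-trusting handler would read past the end of the record. */
size_t hb_overrun(const unsigned char *rec, size_t rec_len)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t present = rec_len - HB_HEADER;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: writes the response to out and returns its length,
 * or 0 when the request is malformed and is silently discarded. */
size_t hb_respond(const unsigned char *rec, size_t rec_len,
                  unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: header + claimed payload + padding must fit in
     * the bytes that actually arrived, and in the output buffer. */
    size_t need = HB_HEADER + claimed + HB_PADDING;
    if (need > rec_len || need > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];                   /* echo the length */
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_PADDING);   /* real stacks use random padding */
    return need;
}

int main(void)
{
    printf("honest: overrun=%zu response=%zu\n", hb_overrun(HB_HONEST, 21),
           hb_respond(HB_HONEST, 21, hb_out, sizeof hb_out));
    printf("lying:  overrun=%zu response=%zu\n", hb_overrun(HB_LYING, 21),
           hb_respond(HB_LYING, 21, hb_out, sizeof hb_out));
    return 0;
}
```

A non-zero `hb_overrun` value is the amount of unrelated server memory a handler without the check would have copied into its reply.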
A major concern
Web servers hold lots of our vital information in their memories, such as passwords, usernames and even credit card numbers. The flaw allows encryption keys to be stolen, which means encrypted data that would otherwise be impossible to read can be turned into readable information.
The only way for businesses with vulnerable servers to become less susceptible is to change their keys.
Are you affected?
The answer is likely to be yes. This issue is in the software that powers the websites and services we use on a regular basis. OpenSSL is one of the most widely used methods to encrypt internet traffic.
A recent survey carried out by Netcraft found that of almost 959,000,000 websites, 66% of them used SSL and that did not include email providers, chat and apps.
Change your online passwords
Seeing as this problem has been around for two years and it doesn’t leave a trace, you have to assume that your internet accounts could be compromised.
It’s wise to change your online passwords, although this is only useful if the website in question has updated its software to protect against the flaw. Any sensible and serious business will ensure they have upgraded. Thankfully, as time goes on, the bug will become less and less prevalent.
Are you worried about Heartbleed? Leave a comment or get in touch.