You’ve seen the term “Heartbleed” all over the news and internet.  So what is Heartbleed and how do you keep it from causing harm to you?

Here’s a quick non-technical overview of Heartbleed:

When you log into a website, or submit any personal information, it is transmitted in a manner which is designed to keep the contents safe from unintended parties. This process of protecting your information, before sending it over the internet, is referred to as “encryption”.

Before I continue on about Heartbleed, I would like to reassure all Steadfast Telecommunications customers that our systems are in great shape! Immediately after news of Heartbleed became public, our engineers took additional precautions to ensure that you will continue to receive reliable and secure VoIP.  

The Heartbleed Problem:

It was recently discovered that one of the most widely used implementations of encryption, OpenSSL (estimated to be in use by 66% of the internet), contains a serious flaw which can allow hackers to gain access to your private information.

What this means to you

If you’ve entered your password, or submitted sensitive information, through an affected website or service, then there’s a chance that a hacker could gain, or may already have gained, access to your private information. Heartbleed can also affect other forms of communication, such as e-mail and instant messaging.

Security flaws are discovered all the time, so what makes Heartbleed different?

Heartbleed is significant for a few reasons:

  1. This vulnerability has apparently existed since December of 2011. This is a REALLY long time for a flaw to go unnoticed.
  2. If hackers have managed to acquire any personal user data, they have been able to do so surreptitiously, for about two and a half years!
  3. When credentials and data are acquired by hackers and other unsavory characters, they may hold on to the information for quite some time before they attempt to use any of it.
  4. If you have logged into an affected site during the last 2+ years, then your login information, or other personal data, could be in the hands of the wrong people.  With that information, someone else could potentially assume your identity and wreak havoc on your life.


What can you do to protect yourself? 

1. If you have an account with any of the following websites, then you should change your passwords:

Amazon Web Services, GitHub, Minecraft, USAA
*Mashable has been maintaining a list of affected sites and they have indicated that they will continue to update the list.

2. Use different passwords for each website.  Yes, this can be a hassle, but think about how much more of a hassle it would be if someone got ahold of your information.

3. Create strong passwords.  Good passwords use a combination of letters (both uppercase and lowercase), symbols and numbers.  They should also be at least 8 characters long.

Here’s what you shouldn’t do:

Many people use the same passwords and similar usernames for many different websites.  As a result, if a hacker figures out your credentials for one site, they’ll likely be able to work out how to access some of your other accounts.

Don’t use simple passwords made up only of pet names, single words, a few numbers, birthdays or other common information.


While this entire process of changing passwords may seem like a formidable task, I think it’s worthwhile.  Why?  Well, do you engage in online banking, online purchasing or something that involves sending out your personal information over the internet?  If so, then consider how much damage a hacker could do if they were able to log in to your accounts and take control. It’s probably better to avoid this in the first place.