The Heartbleed bug may seem like another chicken little moment, where technology companies shout “the sky is falling” and make you feel like it’s a ploy to buy anti-virus software. However, this problem is truly different. The sky really is falling.
The “Not So Secure” Internet
The Heartbleed bug is not so much a bug but a serious defect in the way websites handle security. This problem allows a hacker to connect to a server and check if that site is secure or not secure. The returning information should just be a “yes” or “no”. Instead, this error allows hackers to see whatever information is currently in memory on that server. If it’s yours, that’s a problem.
An example would be if you just logged into Zappos to buy those Wildcat Cheetah Socks you always wanted. If you clicked submit just before a hacker checks that server, then they now can see your username and password. It’s in what’s called the server’s temporary session and that’s what is available to hackers.
This is a big problem because it harms the basic security and trust of the internet. Buy something online and you will look for that green text or golden key in the URL bar that shows the site is secure. We’ve been trained that this symbol represents security for our passwords and credit card information. In reality, that hasn’t been true since 2012 when the “Heartbleed” error was introduced by mistake (a random boo boo in a very complicated system). Our information has been publicly available to anyone smart enough to download some free hacker tools and ping a server at the right time.
If you haven’t been hacked, consider yourself lucky or consider that you may not have checked your site activity.
Consider instead that Heartbleed really demonstrates the fragile state of the internet. The thing is wobbly and attacked continually by governments, businesses, foreign mobster and even high school students. The fact that it still survives is a testament to DARPA’s original design for it to continue communication despite a nuclear war. Together with the recent discovery that the NSA intentionally created flaws in security encryption so they could read everything on the web, doubts are starting to emerge about private information on the public web.
The Heartbleed Bug is a Head Job
The psychological impact on consumers is Heartbleed’s real damage. First, the NSA, then Target’s stupidity, then Heartbleed, then what? This can’t and won’t be the only flaw found in internet security. There will be new headlines that announce further boo boos and new dumbness. You cannot trust that the sites you love will love you enough back to protect your security. Consumers and businesses need to be aggressive in how they protect their passwords and how they access the internet.
- Change your passwords often, especially on credit card and banking sites.
- Every site gets it’s own password. Don’t share.
- Use a security database like KeyPass to generate and store passwords. Don’t trust your head. It’s not random enough.
- Never provide real information for marketing promotions or Facebook. I actually have several personas that I use, complete with birthdates, hometowns and email addresses.
- Never login to a site using Facebook. Facebook will allow the site to post to your wall and they will share every little detail about you, which means that if that site is not secure, hackers can access personal details.
- Finally, don’t surf the internet without active protection from malware and viruses. We use the pro versions of Avast and MalwareBytes. They’re free to start, but their pro versions have saved my buttocks on several occasions.
The error is getting fixed. Most servers on the internet have been patched to correct the problem. If you have a concern about a site, use Filipo’s site as hackers are now using the scare to hunt new victims.
Good luck out there. It’s getting rough.