Everything You Need to Know About the 'Catastrophic' Heartbleed Bug

If you’ve so much as scrolled through your Facebook news feed or tuned into a newscast the past few days you’ve likely heard the hoopla about the Heartbleed bug.

The potentially lethal bomb was dropped Monday, April 7, when it was announced that a group of engineers from Codenomicon discovered a serious vulnerability affecting a widely used encryption protocol known as OpenSSL. It has since been described as “the most dangerous security flaw on the web,” and “the ultimate web nightmare.”

But is it really as bad as it sounds?

Put simply, the answer is yes! At least according to Bruce Schneier, cryptographer and computer security and privacy expert. He called Heartbleed potentially “catastrophic,” in an April 10 blog post. “On a scale of 1 to 10, this is an 11,” he wrote.

A hazard this huge is bound to leave you with a handful of questions. That’s why we enlisted a group of information security experts to help explain the situation in layman’s terms and offer some advice on how you can help mitigate your risk.

What exactly is the Heartbleed bug?

Type this question into any search engine and you’ll find scores of detailed descriptions dripping with complex terminology. But unless you’re an IT pro, the acronyms and technical jargon will likely make your head spin.

So we made it a bit easier to comprehend with the help of encryption expert Mark Bower of Voltage Security. He compares Heartbleed to finding a faulty car part used in nearly every make and model. The only difference is you can’t recall the Internet and all the data you put out on it.

The bug was the result of a programming error within OpenSSL back in December 2011, explains James Jones, CIO of Saife, Inc. This means the flaw has gone undetected for more than two years. Anyone who noticed the error during that time had the ability to steal small snapshots of confidential data. Everything from usernames and passwords to credit card info and Social Security numbers is vulnerable.

Why is the Heartbleed bug so bad?

So why is news of the Heartbleed bug wreaking havoc across cyberspace? Because, unlike most cyberthreats, the bug isn’t restricted to a single website or company. In fact, it affects every website running OpenSSL version 1.0.1, which is roughly two-thirds of the Internet since 2012, according to Kellep Charles, IT security analyst at NASA.

The vulnerability likely affected a handful of websites you use every day—Facebook, Google and Yahoo, to name a few. Any personal information disclosed on these sites may have been silently exposed and manipulated over the past two years.

What’s worse is that companies have no way of confirming whether or not their users were affected by the vulnerability, because exploitation of the bug leaves no trace of malicious activity, Charles says.

Bower says people assume certain technologies are safe just because everyone uses them, but that’s not always the case. “If deep testing isn’t being done by the good guys to make sure those parts are safe, then you can be sure the bad guys will find the faults first,” he explains.

What should you do in response to the Heartbleed bug?

The good news is that a security patch was released to repair the flaw shortly after the Heartbleed bug was announced on Monday. The patch closes the vulnerability going forward, but unfortunately there is no way to undo any damage that’s already been done.

For the most part, the onus is on IT personnel to secure their systems, revoke certificates and update login data. However, our team of experts helped us identify a few steps you can take to help avoid further risk.

1. Determine whether the sites you visit frequently have been affected

Charles advises you to retrace your steps and identify the websites you entrust with personal information. Several resources have been created (like this one) to inform you whether or not a site is vulnerable to Heartbleed. You can also download this Chrome extension called Chromebleed that warns you if a site you’re visiting has been impacted by the bug.

2. Change your passwords when directed

Once you’ve confirmed that an affected website has been patched and is secure, changing your password is encouraged. Our experts recommend creating a unique password for each site you visit regularly. Installing a password manager—such as Password Safe or LastPass—can help you keep track of your new passwords.

3. Be aware of potential phishing scams

Charles says to be on the lookout for suspicious messages stemming from the Heartbleed bug. If cybercriminals acquired your personal information, they may use it to con you into installing malicious software on your computer. Be mindful of the warning signs of phishing scams.

4. Keep a close eye on financial statements

Personal banking credentials and credit card information were among the data at risk of being intercepted, which means there is a high chance of fraudulent activities, Charles warns. It’s important to monitor your accounts and report any suspicious activity in the upcoming days.

Don't take the chance …

There’s no surefire way to predict the severity of the implications of the Heartbleed bug. It’s possible the engineers from Codenomicon spotted the bug before any hackers detected it. The next few weeks are sure to bring more answers.

But after hearing the warnings from information security experts, it’s clear that the potential consequences are perilous. Charles advises users to assume their information was compromised if they have used one of the affected sites.

Taking the necessary precautions to protect yourself against any detrimental effects of the Heartbleed bug is worthwhile. After all, it’s better to be safe than sorry!


Visit Heartbleed.com to find answers to more of your questions regarding the bug.


Callie is the Associate Content Marketing Manager at Collegis Education. She oversees all blog content on behalf of Rasmussen College. She is passionate about providing quality content to empower others to improve their lives.
