Everything You Need to Know About the 'Catastrophic' Heartbleed Bug

If you’ve so much as scrolled through your Facebook news feed or tuned into a newscast the past few days, you’ve likely heard the hoopla about the Heartbleed bug.

The potentially lethal bomb was dropped Monday, April 7, when it was announced that a group of engineers from Codenomicon discovered a serious vulnerability affecting a widely used encryption library known as OpenSSL. It has since been described as “the most dangerous security flaw on the web,” and “the ultimate web nightmare.”

But is it really as bad as it sounds?

Put simply, the answer is yes! At least according to Bruce Schneier, cryptographer and computer security and privacy expert. He called Heartbleed potentially “catastrophic,” in an April 10 blog post. “On a scale of 1 to 10, this is an 11,” he wrote.

A hazard this huge is bound to leave you with a handful of questions. That’s why we enlisted a group of information security experts to help explain the situation in layman’s terms and offer some advice on how you can help mitigate your risk.

What exactly is the Heartbleed bug?

Type this question into any search engine and you’ll find scores of detailed descriptions dripping with complex terminology. But unless you’re an IT pro, the acronyms and technical jargon will likely make your head spin.

So we made it a bit easier to comprehend with the help of encryption expert Mark Bower of Voltage Security. He compares Heartbleed to finding a faulty car part used in nearly every make and model. The only difference is you can’t recall the Internet and all the data you put out on it.

The bug was the result of a programming error within OpenSSL back in December 2011, explains James Jones, CIO of Saife, Inc. This means the flaw has gone undetected for more than two years. Anyone who noticed the error during that time had the ability to steal small snapshots of confidential data—everything from usernames and passwords to credit card info and social security numbers is vulnerable.

Why is the Heartbleed bug so bad?

So why is news of the Heartbleed bug wreaking havoc across cyberspace? Because, unlike most cyberthreats, the bug isn’t restricted to a single website or company. In fact, it affects every website running OpenSSL version 1.0.1, which is roughly two-thirds of the Internet since 2012, according to Kellep Charles, IT security analyst at NASA.

The vulnerability likely affected a handful of websites you use every day—Facebook, Google and Yahoo, to name a few. Any personal information disclosed on these sites may have been silently exposed and manipulated over the past two years.

What’s worse is that companies have no way of confirming whether or not their users were affected by the vulnerability, because exploitation of the bug leaves no trace of malicious activity, Charles says.

Bower says people assume certain technologies are safe just because everyone uses them, but that’s not always the case. “If deep testing isn’t being done by the good guys to make sure those parts are safe, then you can be sure the bad guys will find the faults first,” he explains.

What should you do in response to the Heartbleed bug?

The good news is that a security patch was released to repair the flaw shortly after the Heartbleed bug was announced on Monday. The patch stops the vulnerability from being exploited going forward, but unfortunately there is no way to undo any damage that’s already been done.

For the most part, the onus is on IT personnel to secure their systems, revoke certificates and update login data. However, our team of experts helped us identify a few steps you can take to help avoid further risk.

1. Determine whether the sites you visit frequently have been affected

Charles advises you to retrace your steps and identify the websites you entrust with personal information. Several resources have been created (like this one) to inform you whether or not a site is vulnerable to Heartbleed. You can also download this Chrome extension called Chromebleed that warns you if a site you’re visiting has been impacted by the bug.

2. Change your passwords when directed

Once you’ve confirmed that an affected website has been patched and is secure, changing your password is encouraged. Our experts recommend creating a unique password for each site you visit regularly. Installing a password manager—such as Password Safe or LastPass—can help you keep track of your new passwords.

3. Be aware of potential phishing scams

Charles says to be on the lookout for suspicious messages stemming from the Heartbleed bug. If cybercriminals acquired your personal information, they may use it to con you into installing malicious software on your computer. Be mindful of the warning signs of phishing scams.

4. Keep a close eye on financial statements

Personal banking credentials and credit card information were among the data at risk of being intercepted, which means there is a high chance of fraudulent activity, Charles warns. It’s important to monitor your accounts and report any suspicious activity in the coming days.

Don't take the chance …

There’s no surefire way to predict the severity of the implications of the Heartbleed bug. It’s possible the engineers from Codenomicon spotted the bug before any hackers detected it. The next few weeks are sure to bring more answers.

But after hearing the warnings from information security experts, it’s clear that the potential consequences are perilous. Charles advises users to assume their information was compromised if they have used one of the affected sites.

Taking the necessary precautions to protect yourself against any detrimental effects of the Heartbleed bug is worthwhile. After all, it’s better to be safe than sorry!

Visit Heartbleed.com to find answers to more of your questions regarding the bug.


Callie Malvik

Callie is the Content Manager at Collegis Education, overseeing blog content on behalf of Rasmussen College. She is passionate about creating quality resources that empower others to improve their lives through education.


This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college.
