Everything You Need to Know About the 'Catastrophic' Heartbleed Bug

If you’ve so much as scrolled through your Facebook news feed or tuned into a newscast in the past few days, you’ve likely heard the hoopla about the Heartbleed bug.

The potentially lethal bomb was dropped Monday, April 7, when it was announced that a group of engineers from Codenomicon discovered a serious vulnerability affecting a widely-used encryption protocol known as OpenSSL. It has since been described as “the most dangerous security flaw on the web,” and “the ultimate web nightmare.”

But is it really as bad as it sounds?

Put simply, the answer is yes, at least according to Bruce Schneier, cryptographer and computer security and privacy expert. He called Heartbleed potentially “catastrophic” in an April 10 blog post. “On a scale of 1 to 10, this is an 11,” he wrote.

A hazard this huge is bound to leave you with a handful of questions. That’s why we enlisted a group of information security experts to help explain the situation in layman’s terms and offer some advice on how you can help mitigate your risk.

What exactly is the Heartbleed bug?

Type this question into any search engine and you’ll find scores of detailed descriptions dripping with complex terminology. But unless you’re an IT pro, the acronyms and technical jargon will likely make your head spin.

So we made it a bit easier to comprehend with the help of encryption expert Mark Bower of Voltage Security. He compares Heartbleed to finding a faulty car part used in nearly every make and model. The only difference is you can’t recall the Internet and all the data you put out on it.

The bug was the result of a programming error introduced into OpenSSL back in December 2011, explains James Jones, CIO of Saife, Inc. This means the flaw has gone undetected for more than two years. Anyone who noticed the error during that time had the ability to steal small snapshots of confidential data. Everything from usernames and passwords to credit card info and social security numbers is vulnerable.

Why is the Heartbleed bug so bad?

So why is news of the Heartbleed bug wreaking havoc across cyberspace? Because, unlike most cyberthreats, the bug isn’t restricted to a single website or company. In fact, it affects every website running OpenSSL version 1.0.1, which is roughly two-thirds of the Internet since 2012, according to Kellep Charles, IT security analyst at NASA.

The vulnerability likely affected a handful of websites you use every day—Facebook, Google and Yahoo, to name a few. Any personal information disclosed on these sites may have been silently exposed and manipulated over the past two years.

What’s worse is that companies have no way of confirming whether or not their users were affected by the vulnerability, because exploitation of the bug leaves no trace of malicious activity, Charles says.

Bower says people assume certain technologies are safe just because everyone uses them, but that’s not always the case. “If deep testing isn’t being done by the good guys to make sure those parts are safe, then you can be sure the bad guys will find the faults first,” he explains.

What should you do in response to the Heartbleed bug?

The good news is that a security patch was released to repair the flaw shortly after the Heartbleed bug was announced on Monday. The patch closes the vulnerability going forward, but unfortunately there is no way to undo any damage that’s already been done.

For the most part, the onus is on IT personnel to secure their systems, revoke certificates and update login data. However, our team of experts helped us identify a few steps you can take to help avoid further risk.

1. Determine whether the sites you visit frequently have been affected

Charles advises you to retrace your steps and identify the websites you entrust with personal information. Several resources have been created (like this one) to inform you whether or not a site is vulnerable to Heartbleed. You can also download this Chrome extension called Chromebleed that warns you if a site you’re visiting has been impacted by the bug.

2. Change your passwords when directed

Once you’ve confirmed that an affected website has been patched and is secure, changing your password is encouraged. Our experts recommend creating a unique password for each site you visit regularly. Installing a password manager—such as Password Safe or LastPass—can help you keep track of your new passwords.

3. Be aware of potential phishing scams

Charles says to be on the lookout for suspicious messages stemming from the Heartbleed bug. If cybercriminals acquired your personal information, they may use it to con you into installing malicious software on your computer. Be mindful of the warning signs of phishing scams.

4. Keep a close eye on financial statements

Personal banking credentials and credit card information were among the data at risk of being intercepted, which means there is a high chance of fraudulent activities, Charles warns. It’s important to monitor your accounts and report any suspicious activity in the upcoming days.

Don't take the chance …

There’s no surefire way to predict the severity of the implications of the Heartbleed bug. It’s possible the engineers from Codenomicon spotted the bug before any hackers detected it. The next few weeks are sure to bring more answers.

But after hearing the warnings from information security experts, it’s clear that the potential consequences are perilous. Charles advises users to assume their information was compromised if they have used one of the affected sites.

Taking the necessary precautions to protect yourself against any detrimental effects of the Heartbleed bug is worthwhile. After all, it’s better to be safe than sorry!

Visit Heartbleed.com to find answers to more of your questions regarding the bug.

About the author

Callie Malvik

Callie is the Content Manager at Collegis Education, overseeing blog content on behalf of Rasmussen University. She is passionate about creating quality resources that empower others to improve their lives through education.
