Everything You Need to Know About the 'Catastrophic' Heartbleed Bug

If you’ve so much as scrolled through your Facebook news feed or tuned into a newscast in the past few days, you’ve likely heard the hoopla about the Heartbleed bug.

The potentially lethal bomb was dropped Monday, April 7, when it was announced that a group of engineers from Codenomicon discovered a serious vulnerability affecting a widely-used encryption protocol known as OpenSSL. It has since been described as “the most dangerous security flaw on the web,” and “the ultimate web nightmare.”

But is it really as bad as it sounds?

Put simply, the answer is yes! At least according to Bruce Schneier, cryptographer and computer security and privacy expert. He called Heartbleed potentially “catastrophic,” in an April 10 blog post. “On a scale of 1 to 10, this is an 11,” he wrote.

A hazard this huge is bound to leave you with a handful of questions. That’s why we enlisted a group of information security experts to help explain the situation in layman’s terms and offer some advice on how you can help mitigate your risk.

What exactly is the Heartbleed bug?

Type this question into any search engine and you’ll find scores of detailed descriptions dripping with complex terminology. But unless you’re an IT pro, the acronyms and technical jargon will likely make your head spin.

So we made it a bit easier to comprehend with the help of encryption expert Mark Bower of Voltage Security. He compares Heartbleed to finding a faulty car part used in nearly every make and model. The only difference is you can’t recall the Internet and all the data you put out on it.

The bug was the result of a programming error within OpenSSL back in December 2011, explains James Jones, CIO of Saife, Inc. This means the flaw has gone undetected for more than two years. Anyone who noticed the error during that time had the ability to steal small snapshots of confidential data. Everything from usernames and passwords to credit card info and Social Security numbers is vulnerable.

Why is the Heartbleed bug so bad?

So why is news of the Heartbleed bug wreaking havoc across cyberspace? Because, unlike most cyberthreats, the bug isn’t restricted to a single website or company. In fact, it affects every website running OpenSSL version 1.0.1, which is roughly two-thirds of the Internet since 2012, according to Kellep Charles, IT security analyst at NASA.

The vulnerability likely affected a handful of websites you use every day—Facebook, Google and Yahoo, to name a few. Any personal information disclosed on these sites may have been silently exposed and manipulated over the past two years.

What’s worse is that companies have no way of confirming whether or not their users were affected by the vulnerability, because exploitation of the bug leaves no trace of malicious activity, Charles says.

Bower says people assume certain technologies are safe just because everyone uses them, but that’s not always the case. “If deep testing isn’t being done by the good guys to make sure those parts are safe, then you can be sure the bad guys will find the faults first,” he explains.

What should you do in response to the Heartbleed bug?

The good news is that a security patch was released to repair the flaw shortly after the Heartbleed bug was announced on Monday. The patch stops the vulnerability from being exploited going forward, but unfortunately there is no way to undo any damage that’s already been done.

For the most part, the onus is on IT personnel to secure their systems, revoke certificates and update login data. However, our team of experts helped us identify a few steps you can take to help avoid further risk.

1. Determine whether the sites you visit frequently have been affected

Charles advises you to retrace your steps and identify the websites you entrust with personal information. Several resources have been created (like this one) to inform you whether or not a site is vulnerable to Heartbleed. You can also download this Chrome extension called Chromebleed that warns you if a site you’re visiting has been impacted by the bug.

2. Change your passwords when directed

Once you’ve confirmed that an affected website has been patched and is secure, changing your password is encouraged. Our experts recommend creating a unique password for each site you visit regularly. Installing a password manager, such as Password Safe or LastPass, can help you keep track of your new passwords.

3. Be aware of potential phishing scams

Charles says to be on the lookout for suspicious messages stemming from the Heartbleed bug. If cybercriminals acquired your personal information, they may use it to con you into installing malicious software on your computer. Be mindful of the warning signs of phishing scams.

4. Keep a close eye on financial statements

Personal banking credentials and credit card information were among the data at risk of being intercepted, which means there is a high chance of fraudulent activities, Charles warns. It’s important to monitor your accounts and report any suspicious activity in the upcoming days.

Don't take the chance …

There’s no surefire way to predict the severity of the implications of the Heartbleed bug. It’s possible the engineers from Codenomicon spotted the bug before any hackers detected it. The next few weeks are sure to bring more answers.

But after hearing the warnings from information security experts, it’s clear that the potential consequences are perilous. Charles advises users to assume their information was compromised if they have used one of the affected sites.

Taking the necessary precautions to protect yourself against any detrimental effects of the Heartbleed bug is worthwhile. After all, it’s better to be safe than sorry!

Visit Heartbleed.com to find answers to more of your questions regarding the bug.

Callie Malvik

Callie is the Content Manager at Collegis Education, overseeing blog content on behalf of Rasmussen College. She is passionate about creating quality resources that empower others to improve their lives through education.


This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college.
