Blog
Introducing the Infamous Heartbleed Internet Bug
At the beginning of this month, April 2014, the Heartbleed internet virus suddenly became a household name – particularly to those involved in the online industry. Overnight, it went on to have its very own website and logo! But what exactly is Heartbleed and how does it affect us? Let’s take a closer look.
What is Heartbleed?
Surprisingly, this security bug famously known as Heartbleed, has actually been around for two years already – yet it has only been discovered and exposed now. Heartbleed is a security defect in the OpenSSL (Secure Socket Layer) code. OpenSSL allows coder users to contribute to it, which is why it’s surprising that the defect has only been detected now.
SSL is there in order for you to have your passwords and usernames remain secure over the internet; and Heartbleed is causing chaos by disrupting this security and allowing hackers to obtain your passwords and personal information. Not only has it affected websites; it’s also affected smartphones and tablets using Google’s Android software; as well as the popular routers: Juniper and Cisco.
In summary, Heartbleed makes your personal information on your websites, social media and emails susceptible to hackers.
What Caused it?
As OpenSSL suggests, it is open to the public. Anybody who knows what they’re doing coding-wise may edit or contribute to an open source code. These contributors and coders are known as authors. The author who created Heartbleed is Robin Seggelmann. He claims to have not purposefully created the flaw in the system and puts it down to there not being enough people reviewing the source codes.
It’s important to note that something as small as a missing or overlooked variable in the coding can throw the whole program off its course, which can result in many types of faults including the program not working and bugs or viruses.
How was it Exposed?
The person who finally discovered Heartbleed is Neel Mehta, who is a member of Google’s security team. Neel detected the security bug and exposed it to the world at the beginning of this month, 1 April 2014. The reveal came after a few big companies’ websites were hacked. For example, the UK’s Mums.net website was hacked – as was their account users. The hackers even went so far as to pose as the CEO. The Canada Revenue Agency was also hacked and even confirmed that 900 of their users’ security numbers were stolen.
The more companies being hacked, the more exposure this internet bug is getting and the more serious people are taking it.
Precautions to Take
Whether you’re a business owner or a consumer, you need to take necessary precautions in order to protect your private information.
Businesses especially need to make sure everyone is safe from Heartbleed if they have business partners with access to their website. You don’t want to give hackers any type of opportunity to get to your company information!
Just to be safe, whether your website, social networks or emails are Heartbleed-free or not; change your passwords. It’s a lot less of a mission to change all of your passwords than to deal with the consequences of Heartbleed affecting your accounts. If your internet access is with the routers Juniper or Cisco, you’ll need to change those passwords too – as they came out a week ago admitting that the bug got them too.
Please also be careful and wary when installing any software or programme updates.
A great way to check if your website has been affected is, thanks for Filippo, to go to this site and check it for yourself with their Heartbleed test! Simply enter in the URL of your website and click on the “Go!” button.
Which Websites Does it Affect?
It’s important that you know that many popular websites – perhaps some that you even use on a daily basis – have been affected and you need to change your passwords for it. Here is a list of some of the most popular websites who have come out and said they’ve been affected by the virus:
- Amazon
- Dropbox
- Etsy
- Flickr
- Gmail
- Netflix
- Sound Cloud
- Tumblr
- Wikipedia
- WordPress
- Yahoo
- Yahoo mail
- YouTube
Have any of you experienced Heartbleed with one of your websites or accounts? Drop us a line in the comment box and let us know!