We might all be wondering what the big deal is about the Heartbleed OpenSSL vulnerability. Is it being blown out of proportion? The answer is no! Heartbleed is very bad, and a major problem that is bleeding out your internet security.
Heartbleed is one of the biggest, most widespread vulnerabilities in the history of the internet. It was originally found by Google and by an independent firm called Codenomicon, and it has compromised at least 66% of active websites, according to the team that discovered it. What makes it worse is that it is very technical, so it’s hard for us regular users to understand why this vulnerability is a big deal, which services have been vulnerable in the past and which services remain vulnerable now.
Another issue is that the technical nature of Heartbleed means that, as an end user, you are limited in how you can protect yourself. The obligation is on whoever manages the web service, and on whoever manages the back-end service the web service uses, not on the end user.
So what makes Heartbleed so bad? Why is this such a big deal?
The heart of Heartbleed is about encryption. Whenever data (passwords, usernames, etc.) is sent through the Internet, it gets encrypted, or turned into a code, so hackers can’t access it. What makes the Heartbleed weakness truly scary is that it can allow hackers to break that encryption and access your emails, passwords, documents and instant messages across a large portion of the Internet. Though it was just discovered, this bug has likely been around for two years now.
What Can We Do?
You can and should check whether websites you visit often have been impacted by this bug before you visit them again. You can download the Chrome extension Chromebleed, which warns you when a site you’re visiting has been affected.
You can also check a website yourself with the Heartbleed Test to see if it has been impacted. This site was created by Filippo Valsorda, an Italian security consultant. The test is not foolproof, though, so don’t rely on it alone.
What else could you do? You could start to change your passwords; however, don’t go changing all of your passwords unless a site directs you to. Even this might be too much: password changing could “exacerbate the problem,” security experts tell CNET.
Fixing Heartbleed is really up to the Internet companies we use, so in reality there’s not a ton you can do on your own to combat it. “Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use,” Heartbleed.com, a site set up to explain the security flaw, reads. Until a site installs a fix, we’re all left vulnerable.
How does Covvo handle Heartbleed?
At Covvo, we recommend that our clients use our managed hosting solutions if they are not already doing so. This puts the onus of security updates on the experts who are trained to deal with these kinds of situations. All of our preferred hosting partners applied the patch within 24 hours of it being known.
Where can I find more information?
Check out Heartbleed.com for more information.
Check out “Passwords that you should change” on Mashable.com.