Last month, news broke that the so-called Heartbleed bug compromised up to 66 percent of websites on the internet. The security breach specifically affects the SSL/TLS encryption used to secure the internet by accessing a vulnerability in OpenSSL.
To understand the severity of the Heartbleed problem, consider how SSL works: Every time you log into a website, your login credentials are encrypted using SSL. Then your information is sent to the website’s server. Heartbleed exploits a form of SSL called OpenSSL, which is used by about two-thirds of websites on the internet. The bug allows hackers to get around the encryption process and access raw text that users send to the website’s server. This could consist of passwords, emails, instant messages, or business documents.
As if that wasn’t scary enough, Heartbleed actually existed for two years before it was discovered.
So what can the average internet user do to protect themselves from Heartbleed?
- Check this link to see if websites you own or use are vulnerable to Heartbleed. If the website has not been repaired, don’t visit it. (Please note that this test is not 100 percent foolproof)
- Once a website has been fixed, you can visit it. But change your passwords right away.
- Every time you log into any website, always remember to log back out when you’re finished. This makes it less likely a hacker can access your information.
Good news: Most of the websites affected by Heartbleed have already installed a patch to fix the security breach. The rest are working to fix the problem as soon as possible. If you haven’t noticed any strange activity up until this point, you’re probably safe now. But the Heartbleed issue has pointed out the fact that we can never be too complacent about internet security.