What You Need to Know About the Heartbleed Bug

heartbleed-bug-headerThe big tech news of the week has been a security loophole that could be affecting some of your favourite websites and could be resulting in the leak of your confidential data. A security bug in SSL encryption called Heartbleed allows malicious users to potentially gain access to data that you’d rather keep private.

The Heartbleed Bug works by exploiting the heartbeat function of SSL encryption. The heartbeat is a short message that one computer on one end of the SSL connection sends to a computer on the other end to ensure that it’s still there. A member of Google’s security team and a team at software security company Codenomicon found that a properly formatted malicious message would cause that heartbeat to be responded to with confidential information.

These heartbeat responses could include all sorts of confidential information that you’ve uploaded to a website, not just your password or credit card information. A malicious heartbeat could trick a server into returning thousands of characters of data to an attacker.

The bug only affects websites using OpenSSL encryption and servers running Apache or Nginx software. A patch was released on Monday to eliminate the issue but that doesn’t mean that you’re 100% safe.

A number of different websites are tracking which websites have noted a vulnerability and the status of their security updates. Affected websites reportedly include Google, Yahoo, Tumblr, Instagram, and Pinterest. Gamers should note that Minecraft was also affected by the Heartbleed Bug. In Canada, the Canada Revenue Agency, the Canadian equivalent to the IRS, has shut down their online services until they have their security issues solved. That wouldn’t be an issue if taxes weren’t due in less than three weeks.

If a website you use has been affected by the Heartbleed Bug, don’t run out and change your password immediately. Wait until they confirm that the issue has been resolved. If you change your password now, you might still be exposed to having your data stolen. If you wait until that website has been patched, your password change should go through safely.

Sources: Mashable (1), VoxMashable (2)


About Steve Murray

Steve is the founder and editor of The Lowdown Blog and et geekera. On The Lowdown Blog, he often writes about motorsports, hockey, politics and pop culture. Over on et geekera, Steve writes about geek interests and lifestyle. Steve is on Twitter at @TheSteveMurray.

Posted on April 11, 2014, in Tech and tagged , , . Bookmark the permalink. Leave a comment.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: