Protect yourself from Heartbleed hack

Posted on Apr 29 2014 - 7:18am by Guest Writer

By Katelynn Padron, Business Writer

Earlier this month, a Google programmer discovered the Heartbleed bug — a major coding mistake that made sensitive information such as passwords and addresses accessible to hackers — in an Internet security code.

Heartbleed was part of a Secure Sockets Layer (SSL) encryption code. According to GMO Internet Group, these codes serve to create safer connections between devices over the Internet.

A small padlock near the URL bar on a browser shows users that SSL is active.

A green bar accompanying the padlock indicates Extended Validation SSL, an extra security measure, is in play.

It’s likely for people to see this green bar on a PayPal account or online banking.

Heartbleed came from a batch of OpenSSL code. A New York Times article said OpenSSL is a branch of the security system written and maintained by independent programmers.

The programmers check and update one another’s work, like authors on Wikipedia. OpenSSL is free to any user who cites the OpenSSL Project.

According to Business Insider, the Heartbleed bug allows hackers “to trick a server into spilling out data from its memory, which can include personal information such as passwords and credit card numbers.”

Organizations ranging from Amazon to the FBI use OpenSSL to secure their Internet transactions.

Steven Henson is the only full-time developer working on OpenSSL. Henson discovered and removed the Heartbleed bug when it was inadvertently included in a 2011 code update.

But the bug was accidentally uploaded three months later. Heartbleed went unnoticed until earlier this month.

Several Google programmers developed a patch for the bug. Organizations must update their SSL coding for the patch to go into effect.

According to Business Insider, the top most used 1,000 websites have all adopted the patch and only 53 of the top 10,000 are still vulnerable.

Once a website has adopted a patch, users can change their passwords to prevent anyone from accessing their accounts.

However, changing a password prior to patching will be useless to protect information, as the new password will be available to hackers exploiting the Heartbleed glitch.

Internet users can use a free tool from McAfee to help detect websites that are affected by Heartbleed. Access it here: http://tif.mcafee.com/heartbleedtest.