Saturday, May 3, 2014

Insecurities of the Heart on the Internet - Heartbleed



It's been all over the web: the story of Heartbleed, sometimes dubbed the biggest internet security leak of the century, and for good reason too. When people say that nothing on the web is private and nothing on the web is safe, well, I hate to say it, but it is very true. Everything that you send and everything that you do, someone can easily be watching and tracking, then saving that data to use against you on a rainy day. The security leak called Heartbleed has made it easier.

What exactly is Heartbleed? To put it simply, it's that padlock icon next to a URL beginning with "https" not doing its job. For the technical people, it's a security vulnerability in OpenSSL that allows an attacker to easily read the memory of the servers that use it. Being able to read that memory means an attacker can harvest users' data such as passwords, usernames, and credit card information. The scary thing is that many websites use OpenSSL, and worse, this bug, although only recently discovered, has actually existed for almost two years. Yes, that's right, two years. That means that even if a website had been attacked, nobody would know it, because exploiting the bug leaves no trace in the server's logs.
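To make "reading the memory of the server" concrete, here is an added example in C that is not part of the original post and not OpenSSL's code. It models the shape of the bug in a small, self-contained way: a heartbeat record carries a length field chosen by the peer, and the vulnerable handler echoes that many bytes back without checking it against how many bytes actually arrived, so whatever happened to sit next to the request in memory is copied into the reply. The hardened handler drops any record whose claimed length does not fit inside the bytes received, which is the essence of the fix. The `server_memory` array, the `load_record` helper, the function names and the "session cookie" secret are all constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a slice of server memory: a heartbeat record
 * (2-byte claimed payload length, then the payload actually sent) sits at
 * the start, and whatever the process held next in memory follows it.
 * The array is sized so that even a maximal 16-bit claimed length stays
 * inside it, so the over-read below is an over-read of the *record*, not
 * undefined behaviour in this demo. */
#define MEM_SIZE (2 + 65535)
static unsigned char server_memory[MEM_SIZE];

/* Lay out one record followed by a constructed secret; returns the number
 * of bytes the server actually received for this record. */
size_t load_record(uint16_t claimed_len, const char *payload, size_t actual_len) {
    static const char secret[] = "SESSION-COOKIE=abc123";  /* constructed */
    memset(server_memory, 0, sizeof server_memory);
    server_memory[0] = (unsigned char)(claimed_len >> 8);
    server_memory[1] = (unsigned char)(claimed_len & 0xff);
    memcpy(server_memory + 2, payload, actual_len);
    memcpy(server_memory + 2 + actual_len, secret, sizeof secret - 1);
    return 2 + actual_len;
}

/* Vulnerable shape: trusts the length field inside the message and echoes
 * that many bytes, regardless of how much the peer really sent. */
int heartbeat_vulnerable(size_t record_len, unsigned char *out, size_t out_cap) {
    (void)record_len;  /* the bug: the received length is never consulted */
    uint16_t claimed = (uint16_t)((server_memory[0] << 8) | server_memory[1]);
    if (claimed > out_cap) return -1;
    memcpy(out, server_memory + 2, claimed);
    return (int)claimed;
}

/* Hardened shape: the claimed length must fit inside the bytes received;
 * otherwise the record is silently dropped (the patched OpenSSL did the
 * same, with its own header and padding arithmetic). */
int heartbeat_fixed(size_t record_len, unsigned char *out, size_t out_cap) {
    uint16_t claimed = (uint16_t)((server_memory[0] << 8) | server_memory[1]);
    if (record_len < 2 || (size_t)claimed > record_len - 2) return -1;
    if (claimed > out_cap) return -1;
    memcpy(out, server_memory + 2, claimed);
    return (int)claimed;
}

/* Check used by the demo: does the echoed reply contain bytes that were
 * never part of the request? */
int response_leaks(const unsigned char *out, int n, const char *needle) {
    if (n < 0) return 0;
    size_t nl = strlen(needle);
    for (size_t i = 0; i + nl <= (size_t)n; i++)
        if (memcmp(out + i, needle, nl) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[256];
    /* Peer sends a 5-byte payload but claims it is 40 bytes long. */
    size_t rec = load_record(40, "hello", 5);
    int n = heartbeat_vulnerable(rec, out, sizeof out);
    printf("vulnerable handler echoed %d bytes, secret leaked: %s\n", n,
           response_leaks(out, n, "SESSION-COOKIE") ? "yes" : "no");
    n = heartbeat_fixed(rec, out, sizeof out);
    printf("fixed handler returned %d (record dropped)\n", n);
    return 0;
}
```

The point for defenders is that the fix is a single comparison of two lengths, which is also why the bug left no trace: a malformed heartbeat was answered like any other, so nothing was logged. Servers running the patched library simply discard such records.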

There are a plethora of questions when it comes to this bug. One you may be wondering about is, "how was it finally found?" Credit for the find goes to a Google researcher named Neel Mehta and a security firm called Codenomicon. Both parties found the bug independently of each other, but the odd thing is that they discovered it on the same day. The other question would probably be, "how did this bug start out?" According to some sources, a programmer by the name of Robin Seggelmann was the one responsible for the faulty code, which was written during his years as a Ph.D. student from 2008 to 2012. However, since OpenSSL is actually an open-source project, blame cannot be put solely on one person, especially because so many were working on it together and everyone had equal access to it.

The bigger question is how does a consumer protect him/herself? The first step is to wait and see if the specific website sends a notification saying that they have patched their site. Then, go ahead and set up new passwords. I say this because not every site was affected, since not all sites use the same kind of encryption. Therefore, it would be a pain to change every single password without really knowing whether a site was hit, and changing a password on a site that is still unpatched could simply hand the attacker your new password. Thankfully, though, CNET has been busy compiling a list of sites that were affected and their status on the issue.

The moral of this story is that nothing on the internet is safe, and nothing on the internet is private. When users put themselves on the internet they are potentially allowing another human being to gather data from them, but since we live in this modern day and age, staying off the internet is not an option. So, readers, keep yourself updated on security news and frequently check bank statements and the like for any suspicious activity. Be safe!