Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Heartbleed reveals Internet insecurity, but what should you do?

Heartbleed reveals Internet insecurity, but what should you do?

Security online is something that everyone should take seriously, but what do you do when the very tools that are meant to ensure your security and privacy end up being insecure?

That’s the very real problem facing hundreds of thousands of supposedly secure web sites across the Internet thanks to an inadvertent software bug in the widely used OpenSSL package used for encrypting web traffic. Like other encryption packages, OpenSSL obscures user details such as usernames, credit card details and any other personal information, but it was recently disclosed that an error in the code used to measure the software’s heartbeat — used for keeping connections open — allowed malicious types to intercept data packets without detection.

The bug, dubbed Heartbleed, allows attackers to grab 64Kb packets of information without detection. That might not sound like much data, but the issue is that an attack en masse could reveal every bit of activity on a popular server, whether it’s for an online game or your online banking. The latter has some potentially destructive consequences.

That’s quite bad news, because it became clear as the details emerged that this is a vulnerability that’s existed for around two years now. Not every site uses affected versions of OpenSSL, and a patch was delivered with great speed, but it’s still got serious consequences for end user privacy — that’s you and me, in other words. It’s particularly troubling because, unlike many previous breaches, there’s genuinely no way to know if a site has been compromised, because the Heartbleed traffic is indistinguishable from real traffic. If you’re interested in more technical detail, there’s an excellent set of resources at heartbleed.com

So what should you do? It’s tempting to think that every password you have should be changed, and while it’s reasonable policy to change your passwords on a relatively regular basis for overall security purposes, in this case you’re better off waiting for confirmation from your online providers — whether they’re banks, shops, games, social media or any other online presence — before making the change.

Why wait? Because while Heartbleed has been present as a bug for two years, it’s been a largely unknown bug up until now. There’s no doubt with the vulnerability public that servers will be being tested for it by malicious types, which means if you put in a password change request before an affected server is patched, you could simply be handing your new password over on a platter. Once your online site has issued a statement, then it’s safe to proceed, and wise to make some changes. If in doubt, drop them a line and ask specifically about the Heartbleed bug. Not every service uses OpenSSL, so it may be a non-issue in any case, but it’s better to be safe than sorry.

A quick word of advice there, however. As with other large scale security scares, it’s almost inevitable that scammers will set up “fake” password reset pages for popular servers. If you get an email indicating that you do need to change your password, follow it up with your online service by other means. If it’s true, then there will without exception be some kind of post or news indicating that you do indeed need to make the change, whereas blindly clicking on a link in an unconfirmed email could lead you straight into the phisher’s hands, with no need for the Heartbleed bug at all.


Recent News

Google recently updated the smaller of its two smart displays, the Google Nest Hub, with a 2nd generation model that doesn’t change much visually if you’ve ever seen the original model. For those coming to the party late, Smart Displays are effectively smart speakers – think devices like the Google Nest Mini, Amazon’s Echo speakers

As our lives become increasingly more remote and location independent, the need for mobile devices is on the rise. Many Australians enjoy using multiple mobile devices – such as a smartphone, tablet and computer – to live their lives. Whether it’s responding to work emails, transferring money to a friend or tracking your steps on

Ever since Microsoft released Windows 10 – which was, astonishingly, all the way back in mid-2015 – the company has resisted the urge to shift to Windows 11, or indeed any other full “update” to Windows over that time. That’s a long time in the Windows world; after all, the predecessor version of Windows 10,

Samsung recently sent me one of its lower-cost SSD drives, the Samsung SSD 980 NVMe M.2 to test out. Drives like this one are designed for PC builders and upgraders looking to eke out as much performance from their PCs as possible, but I was curious to see what kind of impact it might have

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More