Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Heartbleed reveals Internet insecurity, but what should you do?

Heartbleed reveals Internet insecurity, but what should you do?

Security online is something that everyone should take seriously, but what do you do when the very tools that are meant to ensure your security and privacy end up being insecure?

That’s the very real problem facing hundreds of thousands of supposedly secure web sites across the Internet thanks to an inadvertent software bug in the widely used OpenSSL package used for encrypting web traffic. Like other encryption packages, OpenSSL obscures user details such as usernames, credit card details and any other personal information, but it was recently disclosed that an error in the code used to measure the software’s heartbeat — used for keeping connections open — allowed malicious types to intercept data packets without detection.

The bug, dubbed Heartbleed, allows attackers to grab 64Kb packets of information without detection. That might not sound like much data, but the issue is that an attack en masse could reveal every bit of activity on a popular server, whether it’s for an online game or your online banking. The latter has some potentially destructive consequences.

That’s quite bad news, because it became clear as the details emerged that this is a vulnerability that’s existed for around two years now. Not every site uses affected versions of OpenSSL, and a patch was delivered with great speed, but it’s still got serious consequences for end user privacy — that’s you and me, in other words. It’s particularly troubling because, unlike many previous breaches, there’s genuinely no way to know if a site has been compromised, because the Heartbleed traffic is indistinguishable from real traffic. If you’re interested in more technical detail, there’s an excellent set of resources at heartbleed.com

So what should you do? It’s tempting to think that every password you have should be changed, and while it’s reasonable policy to change your passwords on a relatively regular basis for overall security purposes, in this case you’re better off waiting for confirmation from your online providers — whether they’re banks, shops, games, social media or any other online presence — before making the change.

Why wait? Because while Heartbleed has been present as a bug for two years, it’s been a largely unknown bug up until now. There’s no doubt with the vulnerability public that servers will be being tested for it by malicious types, which means if you put in a password change request before an affected server is patched, you could simply be handing your new password over on a platter. Once your online site has issued a statement, then it’s safe to proceed, and wise to make some changes. If in doubt, drop them a line and ask specifically about the Heartbleed bug. Not every service uses OpenSSL, so it may be a non-issue in any case, but it’s better to be safe than sorry.

A quick word of advice there, however. As with other large scale security scares, it’s almost inevitable that scammers will set up “fake” password reset pages for popular servers. If you get an email indicating that you do need to change your password, follow it up with your online service by other means. If it’s true, then there will without exception be some kind of post or news indicating that you do indeed need to make the change, whereas blindly clicking on a link in an unconfirmed email could lead you straight into the phisher’s hands, with no need for the Heartbleed bug at all.


Recent News

Apple typically holds a launch event in September for its new model iPhones. Whenever those new phones launch is when the new versions of its mobile operating systems launch as well. They all used to be called “iOS”, but this now encompasses iPadOS, watchOS, and tvOS. iOS itself covers phones and iPod Touch only. Usually,

Chromebooks are laptops that use Google’s Chrome browser as the basis for their operating system. We’ve discussed them before but to date most of the models sold in Australia have tended to be low cost models pitched at the education market. As a much more controlled computer there’s less that can go wrong with a

When Apple announced recently that it was going to shift from producing computers using Intel processors to its own “Apple Silicon” it also said that it would still produce some Macs with Intel inside over the next couple of years. That’s just what’s happened with the very first Mac Apple’s released since dropping its Apple

We live in an age where it’s absolutely assumed that the vast majority of your interactions with computers will be with visual interfaces – strictly speaking Graphical User Interfaces if you want to get on the jargon bandwagon – but it certainly wasn’t always that way. To get to the touch, voice and mouse-activated interfaces

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More