Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Heartbleed reveals Internet insecurity, but what should you do?

Heartbleed reveals Internet insecurity, but what should you do?

Security online is something that everyone should take seriously, but what do you do when the very tools that are meant to ensure your security and privacy end up being insecure?

That’s the very real problem facing hundreds of thousands of supposedly secure web sites across the Internet thanks to an inadvertent software bug in the widely used OpenSSL package used for encrypting web traffic. Like other encryption packages, OpenSSL obscures user details such as usernames, credit card details and any other personal information, but it was recently disclosed that an error in the code used to measure the software’s heartbeat — used for keeping connections open — allowed malicious types to intercept data packets without detection.

The bug, dubbed Heartbleed, allows attackers to grab 64Kb packets of information without detection. That might not sound like much data, but the issue is that an attack en masse could reveal every bit of activity on a popular server, whether it’s for an online game or your online banking. The latter has some potentially destructive consequences.

That’s quite bad news, because it became clear as the details emerged that this is a vulnerability that’s existed for around two years now. Not every site uses affected versions of OpenSSL, and a patch was delivered with great speed, but it’s still got serious consequences for end user privacy — that’s you and me, in other words. It’s particularly troubling because, unlike many previous breaches, there’s genuinely no way to know if a site has been compromised, because the Heartbleed traffic is indistinguishable from real traffic. If you’re interested in more technical detail, there’s an excellent set of resources at heartbleed.com

So what should you do? It’s tempting to think that every password you have should be changed, and while it’s reasonable policy to change your passwords on a relatively regular basis for overall security purposes, in this case you’re better off waiting for confirmation from your online providers — whether they’re banks, shops, games, social media or any other online presence — before making the change.

Why wait? Because while Heartbleed has been present as a bug for two years, it’s been a largely unknown bug up until now. There’s no doubt with the vulnerability public that servers will be being tested for it by malicious types, which means if you put in a password change request before an affected server is patched, you could simply be handing your new password over on a platter. Once your online site has issued a statement, then it’s safe to proceed, and wise to make some changes. If in doubt, drop them a line and ask specifically about the Heartbleed bug. Not every service uses OpenSSL, so it may be a non-issue in any case, but it’s better to be safe than sorry.

A quick word of advice there, however. As with other large scale security scares, it’s almost inevitable that scammers will set up “fake” password reset pages for popular servers. If you get an email indicating that you do need to change your password, follow it up with your online service by other means. If it’s true, then there will without exception be some kind of post or news indicating that you do indeed need to make the change, whereas blindly clicking on a link in an unconfirmed email could lead you straight into the phisher’s hands, with no need for the Heartbleed bug at all.


Recent News

We’ve ALL been there. You’re working away on that big monthly report for work and all of a sudden you start to hear what sounds like a fan going into overdrive. Panicked, you pick up your laptop and it’s super hot to the touch! Your computer starts working slower than usual and you even get

Every year since 1967, the US Consumer Electronics Show, or CES for short shows off the latest in technological innovations and products that manufacturers are hoping to bring to market. Back in 1967, that would have encompassed a lot of radio and TV products. You don’t so much see radio as a key part of

As I’m writing this, the Consumer Electronics Show that would usually take place in Las Vegas is instead being staged entirely online, due to the ongoing pandemic issues. CES has for the longest time been the place where big consumer electronics companies show off their latest TV innovations, and while it’s not debuting this year,

Like many Australians, I survive our hotter summer months thanks to the invention of air conditioning. Not that I can’t sweat it out when I have to, but equally, a good AC unit can make a hotbox of a home into something considerably more comfortable. Air conditioning isn’t a new invention – I looked it

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More