Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  Heartbleed reveals Internet insecurity, but what should you do?

Heartbleed reveals Internet insecurity, but what should you do?


Security online is something that everyone should take seriously, but what do you do when the very tools that are meant to ensure your security and privacy end up being insecure?

That’s the very real problem facing hundreds of thousands of supposedly secure web sites across the Internet thanks to an inadvertent software bug in the widely used OpenSSL package used for encrypting web traffic. Like other encryption packages, OpenSSL obscures user details such as usernames, credit card details and any other personal information, but it was recently disclosed that an error in the code used to measure the software’s heartbeat — used for keeping connections open — allowed malicious types to intercept data packets without detection.

The bug, dubbed Heartbleed, allows attackers to grab 64Kb packets of information without detection. That might not sound like much data, but the issue is that an attack en masse could reveal every bit of activity on a popular server, whether it’s for an online game or your online banking. The latter has some potentially destructive consequences.

That’s quite bad news, because it became clear as the details emerged that this is a vulnerability that’s existed for around two years now. Not every site uses affected versions of OpenSSL, and a patch was delivered with great speed, but it’s still got serious consequences for end user privacy — that’s you and me, in other words. It’s particularly troubling because, unlike many previous breaches, there’s genuinely no way to know if a site has been compromised, because the Heartbleed traffic is indistinguishable from real traffic. If you’re interested in more technical detail, there’s an excellent set of resources at

So what should you do? It’s tempting to think that every password you have should be changed, and while it’s reasonable policy to change your passwords on a relatively regular basis for overall security purposes, in this case you’re better off waiting for confirmation from your online providers — whether they’re banks, shops, games, social media or any other online presence — before making the change.

Why wait? Because while Heartbleed has been present as a bug for two years, it’s been a largely unknown bug up until now. There’s no doubt with the vulnerability public that servers will be being tested for it by malicious types, which means if you put in a password change request before an affected server is patched, you could simply be handing your new password over on a platter. Once your online site has issued a statement, then it’s safe to proceed, and wise to make some changes. If in doubt, drop them a line and ask specifically about the Heartbleed bug. Not every service uses OpenSSL, so it may be a non-issue in any case, but it’s better to be safe than sorry.

A quick word of advice there, however. As with other large scale security scares, it’s almost inevitable that scammers will set up “fake” password reset pages for popular servers. If you get an email indicating that you do need to change your password, follow it up with your online service by other means. If it’s true, then there will without exception be some kind of post or news indicating that you do indeed need to make the change, whereas blindly clicking on a link in an unconfirmed email could lead you straight into the phisher’s hands, with no need for the Heartbleed bug at all.


Recent News


After starting out as a minor player, FttDP appears destined to play a key role in Australia’s National Broadband Network. The NBN has become a political football over the last few years, with the network design changing several times along the way. As a result it’s hard to know exactly what kind of connection will… More 


The changing of the seasons presents the perfect opportunity to get into good habits when it comes to keeping your business safe. We all have our annual rituals, like changing the batteries in the office smoke alarm when we adjust the clocks for daylight savings. Just like that smoke alarm, there are digital security issues… More 


The chances are pretty good that you’ve used the GPS (Global Positioning System) hardware at some point in the recent past, whether on a dedicated satellite navigation device such as a car-based system, or any of a number of GPS apps available for popular smartphone operating systems. It’s even the basis for popular gaming applications,… More 


If you’re still holding onto an older phone — most likely a Nokia handset, because they were very much the style ten or more years ago — and you’re happy with it, I’m sorry to say that your happiness is going to be cut rather abruptly short. That’s because older candybar style phones are almost… More