Heartbleed reveals Internet insecurity, but what should you do?

Security online is something that everyone should take seriously, but what do you do when the very tools that are meant to ensure your security and privacy end up being insecure?

That’s the very real problem facing hundreds of thousands of supposedly secure web sites across the Internet thanks to an inadvertent software bug in the widely used OpenSSL package used for encrypting web traffic. Like other encryption packages, OpenSSL obscures user details such as usernames, credit card details and any other personal information, but it was recently disclosed that an error in the code used to measure the software’s heartbeat — used for keeping connections open — allowed malicious types to intercept data packets without detection.

The bug, dubbed Heartbleed, allows attackers to grab 64Kb packets of information without detection. That might not sound like much data, but the issue is that an attack en masse could reveal every bit of activity on a popular server, whether it’s for an online game or your online banking. The latter has some potentially destructive consequences.

That’s quite bad news, because it became clear as the details emerged that this is a vulnerability that has existed for around two years. Not every site uses affected versions of OpenSSL, and a patch was delivered with great speed, but it still has serious consequences for end user privacy — that’s you and me, in other words. It’s particularly troubling because, unlike many previous breaches, there’s genuinely no way to know if a site has been compromised, because the Heartbleed traffic is indistinguishable from real traffic. If you’re interested in more technical detail, there’s an excellent set of resources at heartbleed.com.
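To make the mechanism concrete, here is an added illustration (not code from this post or from OpenSSL): a simplified Python model of a heartbeat responder that trusts the sender’s declared payload length, beside a version with the bounds check the patch added. The message format, memory layout and secret are constructed for the demo.

```python
# Added illustration, not code from the post or from OpenSSL: a simplified model of a
# TLS heartbeat responder, showing the missing length check and the fix.
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1  # message type byte; the record layout here is simplified

def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Build a heartbeat record: type(1) | payload_length(2, big-endian) | payload.
    A well-formed request uses claimed_len == len(payload)."""
    return struct.pack("!BH", HEARTBEAT_REQUEST, claimed_len) + payload

def respond_vulnerable(record: bytes, process_memory: bytes) -> bytes:
    """Echo back as many bytes as the sender *claims* it sent.
    When claimed_len exceeds the real payload, the copy runs past the request
    into whatever else the process holds next to it (simulated by process_memory)."""
    msg_type, claimed_len = struct.unpack("!BH", record[:3])
    if msg_type != HEARTBEAT_REQUEST:
        return b""
    memory = record + process_memory  # constructed: request followed by other buffered data
    return memory[3:3 + claimed_len]

def respond_fixed(record: bytes, process_memory: bytes) -> Optional[bytes]:
    """The patched behaviour: silently discard any heartbeat whose claimed length
    does not fit inside the record actually received."""
    if len(record) < 3:
        return None
    msg_type, claimed_len = struct.unpack("!BH", record[:3])
    if msg_type != HEARTBEAT_REQUEST:
        return None
    if 3 + claimed_len > len(record):
        return None  # bounds check: claimed length exceeds what was received
    return record[3:3 + claimed_len]

def demo() -> tuple:
    """Returns (what the vulnerable responder leaks, what the fixed responder returns)."""
    # Constructed sample: a secret that happens to sit next to the request in memory.
    neighbouring_memory = b"session_cookie=CONSTRUCTED_SECRET;"
    overlong = build_heartbeat(b"ping", 4 + len(neighbouring_memory))
    return respond_vulnerable(overlong, neighbouring_memory), respond_fixed(overlong, neighbouring_memory)

if __name__ == "__main__":
    leaked, rejected = demo()
    print("vulnerable responder returned:", leaked)
    print("fixed responder returned:", rejected)
```

The length field is 16 bits, which is why a single malformed heartbeat can pull back at most 64KB of neighbouring memory; the fix is nothing more than refusing to answer when the claimed length does not match what arrived.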

So what should you do? It’s tempting to think that every password you have should be changed, and while it’s reasonable policy to change your passwords on a relatively regular basis for overall security purposes, in this case you’re better off waiting for confirmation from your online providers — whether they’re banks, shops, games, social media or any other online presence — before making the change.

Why wait? Because while Heartbleed has been present as a bug for two years, it’s been a largely unknown bug up until now. There’s no doubt that, with the vulnerability public, servers will be probed for it by malicious types, which means if you put in a password change request before an affected server is patched, you could simply be handing your new password over on a platter. Once your online site has issued a statement, then it’s safe to proceed, and wise to make some changes. If in doubt, drop them a line and ask specifically about the Heartbleed bug. Not every service uses OpenSSL, so it may be a non-issue in any case, but it’s better to be safe than sorry.

A quick word of advice there, however. As with other large scale security scares, it’s almost inevitable that scammers will set up “fake” password reset pages for popular servers. If you get an email indicating that you do need to change your password, follow it up with your online service by other means. If it’s true, then there will without exception be some kind of post or news indicating that you do indeed need to make the change, whereas blindly clicking on a link in an unconfirmed email could lead you straight into the phisher’s hands, with no need for the Heartbleed bug at all.
