Perhaps not as famous or earth-shatteringly threatening as the Y2K virus was supposed to be, a newly discovered security flaw named Heartbleed has still managed to affect 66% (or two thirds) of the Internet, leaving a lot of users to the mercy of hackers.
So, how does this aptly named bug work? First, you’ll have to understand what an important Internet security protocol called OpenSSL is. Every time you attempt to login to a site, all your login information, such as your username and password, is sent to a server by first encrypting it using a protocol called Secure Sockets Layer(SSL). Each software developer implements SSL in a different way. The most commonly used open-source implementation of SSL is OpenSSL, which is used by as much as two-thirds of the websites presently active on the World Wide Web.
Heartbleed is a glitch in OpenSSL that hackers can use to gain access to plain texts from emails, instant messages, passwords, business documents-pretty much anything a user sends to a server that is not properly protected.
Heartbleed had been in existence for over 2 years before anyone with remotely good interests had even noticed it, giving hackers enough time to find and utilize this bug to gain access to valuable user information.
The question always arises “How can Internet users, who don’t know much about systems, protect themselves”? According to most experts, there isn’t much we can really do about it. Matthew Prince, CEO of content delivery network Cloudflare, one of the first businesses to be informed about the existence of such bug, had this to say about normal people protecting themselves:
“When you finish using a website, make sure to actively log out.”This is basically all you can do to prevent your data from being hacked into and losing whatever privacy you had left in the digital world; which although is not much, still reduces the chances of anyone stealing your personal data.”
Although the situation is dire, there is much optimism about this glitch being fixed soon. Almost all major online services are actively trying to fix the problem on their end, since it is such a high-risk affair. Users of Twitter, Facebook, and Youtube don’t have to worry about heartbleed anymore, as these services have patched up their systems; but there are still some high-profile websites who have not done it. These include popular sites such as OKCupid, Flickr, and Yahoo.com among various others who still remain exposed and their users unprotected from hackers thanks to this Heartbleed bug.
Sites which are still vulnerable to the Heartbleed bug should not be logged into until and unless the Heartbleed glitch has been dealt with by the experts. Though some might find this hard due to our current over-reliance on social media, this is the best course to avoid being hacked into. There are websites on the internet that allow you to check whether certain sites have managed to stamp out the Heartbleed glitch in the OpenSSL. But these websites are notoriously unreliable. Therefore, your best bet would be to instead rely on the official twitter feeds or blogs of the vulnerable sites to know how far along they are in the process of getting rid of this flaw in OpenSSL.
Once you have received confirmation that the Heartbleed bug has been dealt with, you can login into your account. But, once you do that, remember to immediately change your login credentials. This way, you can ensure that hackers who had access to your personal data previously, do not possess it any longer.
You can add to your online safety practice by investing in VPN services like Hide My IP, which will give you added protection for your ISP IP address and from apps and programs trying to access it.