By: Deborah Ayoade
Today, appeals have been made to the public to change their security and password details as It has emerged that a critical bug known as the ‘Heartbleed’, has been uncovered at the core of the internet.
Internet security has always been of great concern to the public and large corporations with potential threats such as hacking and internet fraud high on the agenda.
Heartbleed is just the latest in the long list of bugs and threats posed by the internet to the safety and security of information stored online.
The discovery of this particular threat was made by computer security researchers at Google and security firm Codenomicon. Both companies stress that the bug poses as a threat to many of the world’s biggest websites and users of the internet.
This technological flaw can be found in the popular data encryption standard called OpenSSL.
OpenSSL is designed to protect users’ sensitive data as it travels back and forth on the web. It encodes information causing anyone without the correct key, to view the data as random nonsense.
It is not clear how widespread the exploitation of the bug has been being since the attacks leave no trace. However, a large bulk of the web could be vulnerable as more than two-thirds of websites worldwide run their secure servers on OpenSSL. This virtually makes every computer user a target to this potential threat.
Hackers can attack without a trace and steal secret keys; usernames, passwords and any other vital information or documents users have on the internet which they deemed to be safe and secure online. Hackers could exploit the bug granting them the ability to tap into and steal secure and sensitive data information, this includes banking information. Social media, email account information to name a few.
On account of this it is strongly advised that internet users change their passwords, although users should first log on to ‘Heartbleed’ website and be sure to check the status of the sites they are wanting to change their password to. This is to ensure that the company has patched up the problem on their end first before changing your password. Yahoo and Google were one of the biggest sites to be affected but they have since patched up the problem on their end. Many of the banking sites were not affected.
Advice from the Institution of Engineering and Technology (IET) to combat the Heartbleed bug:
1. Change your passwords – but only after the affected website operators and ISP, have implemented the patch to fix the bug. Changing your password before the bug is fixed could compromise your new password.
2. Regularly change your passwords. Depending on how sensitive the application/website is, passwords typically ought to be changed monthly or quarterly.
3. Don’t reuse the same passwords on different websites. Try to use a separate password for each website.
4. Use strong passwords, which are at least eight characters long, are not dictionary words or names and include at least one character from the following groups:
– upper case letters
– lower case letters
– special characters, such as punctuation and mathematical symbols (although some websites will not accept these).
5. Always make use of all authentication options on offer, e.g. a password and letters from a memorable word, or use of a security token or texting a PIN.