Bleeding Bug!

The Heartbleed Bug is one of the worst to hit the internet.

Have you used a website that had a little padlock on it when you were asked to log-in or enter personal information?

If so, you may be affected by the ‘Heartbleed Bug’. It takes advantage of a major security flaw at the heart of the internet – and during the past two years might have been exposing users’ personal information and passwords to hackers.

The bug exists in software called OpenSSL – which is designed to encrypt communications between a user’s computer, and a web server. It is one of the most widely used encryption tools on the internet, believed to be deployed by roughly two-thirds of all websites. If you see a little padlock symbol in your browser, then it is likely that you are using SSL.

Half a million sites are thought to have been blighted.These include Google, Yahoo, Gmail,YouTube, and Amazon.

The affected versions of OpenSSL are Open SSL 1.0.1 through 1.0.1f (inclusive). Security experts have said the bug is ‘catastrophic’. It even has its own website www.heartbleed.com

What you need to do

It is always a good idea to use a different password for each login that you have – so now is a good time to review your passwords.

  • If the company you use wasn’t affected by the Heartbleed Bug, you don’t need to change your password – unless you use the same password on a website that was affected.
  • If the website was infected, and they have now fixed the problem, you need to update your password as soon as possible.
  • If the website was affected and it has not fixed the problem yet, then you need to wait until they have resolved everything before changing your password.To do this before the problem is fixed would reveal your new password to hackers.

Your PC’s Best Friend’s website wasn’t affected by the bug!

For advice on choosing a secure password, read my Grapevine Magazine article from September 2012 by visiting www.ypcbf.com/passwords