In recent weeks countless news stories shed light on the so-called “Heartbleed bug” and its pervasive reach threatening internet security and potential ramifications including identity theft. It has been deemed as “catastrophic” by industry experts, but what is it?
Understanding the Danger
The Heartbleed bug works by creating a pathway into security software. Unfortunately, the security software made vulnerable is some of the most widely used protection for sensitive information used on the internet. The software affected is the OPenSSL, a security tool used by web pages everywhere to keep user content and information safe.
To make matters worse, the Heartbleed bug has been around for years already without being detected. Also, use by hackers of the security flaw created by the bug leaves absolutely no trace on computer logs. The Heartbleed bug stands alone in comparison to past web security breaches in its ease of use by hackers, sheer length of existence, scope of applicability, and reach to the four corners of the internet.
Typically when a user is conducting private business online, the information being entered on their computer is encrypted by software. That is when a user would see a little padlock icon in the URL window at the top of the browser. However, that very security layer is what was pierced by the Heartbleed bug.
The pathway created by the bug allows access to user’s personal information like passwords, logins, and content like emails, web history and online banking records. Anything online worthy of encryption is in harm’s way. Over 17 percent of the internet’s secure areas are thought to have been compromised leaving the information that flowed through those sites open to exploitation.
An even more nefarious potential use of the bug allows for imitation of authenticity certificates. This permits thieves to create seemingly safe spaces online, or even impersonate trusted sites.
A Fix to the Problem?
A repaired version of the corrupted security software has been released. However, the true damage has already been done the extent of which cannot yet be estimated.
Arrests have already been made as some hackers have capitalized on the security weakness. However, the actual designers of the bug are still at large. Furthermore, there really is no anticipated extent to the potential damage that could be caused when information already collected is used for illicit purposes.
Experts recommend changing passwords and logins as soon as possible. It is also a wise precaution to check online banking and other online financial tools, like PayPal and stock trading accounts, for discrepancies. Some have even called for staying away from online services entirely until the dust settles.
The real danger of the Heartbleed bug is that victims will not know they have been involved until it is too late. Cleaning up this mess could take years, and who is to blame is still a question that needs an answer. The best thing to be done now is to monitor information to see if you as a internet user have been harmed. If so, take immediate steps including seeking competent legal counsel that is up to date on personal identity theft issues.