Tech Advice13th April 2014

Heartbleed - is my information safe?

A new computer bug could put all of our information at risk - what do you need to do?

by Karl Jenkins

This week a newly discovered computer bug hit the headlines with the potential to make many websites vulnerable to attack; so what is it and what should you do about it?

It's 2014; lots of us shop online, do our banking online and send personal messages to friends and family online. One way that companies try to keep us protected when we send information through the Internet is to encrypt our personal details and messages. Encryption changes words that we can read into jumbled up computer code, for example if we take the words ‘SL First’ and encrypt it, we get: 
‚Äč

Someone who manages to steal this information from a computer would usually not be able to decrypt this information to turn it back into text that people can read. What researchers discovered this week was a bug in Internet security software (OpenSSL) that could allow people to turn that text back into people's information and passwords.

Am I infected?

This computer bug is being called ‘Heartbleed’ and its being called one of the biggest security threats in the history of the Internet. However, it does not affect your home computer, and your computer cannot get infected with it – it only affects websites, like Google, Yahoo and Amazon. For many years people have always learned that if they see the ‘padlock symbol’ on their web browser then it meant they were safe, because their information was secure (encrypted). What this bug means is that people are able to target certain websites and request information from them that they shouldn't usually be allowed to see and the servers will provide it. It allows hackers to steal data directly from websites and also pretend to be other services or users.

What now?

By this point, most of the larger online companies have fixed the problem with their servers to prevent anyone taking new data, but this issue has been undiscovered the last 2 years. As this bug has been around for so long, it’s probably advisable to change your passwords just to be onq the safe side, particularly for things like your email and social networking websites. When choosing new passwords for websites remember you should try to avoid picking anything that links directly to you; pet’s or children's names and dates of birth are usually bad passwords. You should try to include numbers and symbols wherever you can. If you struggle to remember your passwords from one week to the next, then there are plenty of solutions for managing multiple passwords like LastPass, Keepass and 1Password. My password manager of choice is LastPass, it stores all my passwords in a secure database that I can access from any computer, mobile phone or tablet. Now I just have one (very strong) password to remember and LastPass remembers the others for me.

If you’d like to see more information about which sites have been affected by the Heartbleed bug and whether you should change your password you can check this Mashable article.

Article by Karl Jenkins

posted in Technology / Tech Advice

13th April 2014