Heartbleed Bug: What union members need to know
Data security seems to stay in the news. The Heartbleed Bug comes only months after data breaches at Target, where the credit card and security card information of 70 million customers were stolen, and the University of Maryland, where more than 300,000 personal records were compromised.
Why is everyone talking about a Heartbleed Bug? With a name like “Hearbleed,” it must really bad, right? Well, actually, it really is.
In a nut shell, websites that have been saving passwords, credit card numbers, addresses, and other forms of personal information may not be very good at keeping information private. The cause is a flaw in the OpenSSL Software (which protects a lot of websites) that allows anyone on the Internet to read the memory of an OpenSLL Software protected website.
To keep your information safe, here’s what the Heartbleed Bug is and what to do about it. Also, to keep your identity safe, here are some best practices you can do to protect yourself and family members against identity theft.
What is the Heartbleed Bug, anyway?
Without going too in-depth into technical jargon (here is a great website for that information), websites need to send data that users want to keep secure, such as sending emails or instant messages. A website will encrypt that data, making the data in this secure line unreadable to anyone except the recipient.
However, one computer is able to check whether or not the secure line is open between another computer by sending out a small packet of data what’s known as a “heartbeat” requesting a response. Researchers have found that it is possible to manipulate this data to solicit sensitive information from another computer.
- This flaw has been in the code for more than two years
- Using a “heartbeat” leaves no trace
- The flaw allows hackers to steal encryption keys, exposing the data of secure lines
What you should do:
- Be smart. Assume your accounts may have been compromised, and make sure to change passwords.
- Be vigilant. Many websites still have not upgraded to SLL software without the bug. Therefore, immediately changing your password may not be a permanent solution. To check, use this Hearbleed test.
- Be up-to-date. Read more at the Heartbleed Bug website.