Earlier this week, the world of internet security was turned upside down by something known as the Heartbleed bug. According to some experts, it’s already being called one of the biggest security threats in the history of the internet. However, unless you happen have an IT major for a roommate, the issue might be a little hard to understand. So to make it easier, we’ve compiled a list of three things you should know about the bug, spelled out in the simplest terms possible. The list also includes what the bug means for you and how you can take action to protect yourself. Take these steps, and you’ll be good to go.
1) The Heartbleed bug is a serious flaw in the popular encryption software known as OpenSSL, which keeps our communications secure on the web. Still following? Think of the little padlock you see at the top of your web browser when logging into Facebook or buying something on Amazon. That shows that your information is encrypted (making it unreadable to unauthorized individuals). OpenSSL is a type of encryption that is widely used on a number of different websites.
2) One of the features in OpenSSL is called a heartbeat. A computer that is using this type of encryption sends out a short message (or heartbeat) to ensure that the other end is still online and get a response back. The Heartbleed bug allows malicious parties to send out a false heartbeat and therefore access private information such as credit card numbers, secret keys and passwords. If this still doesn’t make sense, Vox has a very simple illustration that should clear things up.
3) So how do you protect yourself? For one, people are being advised to change their passwords for each and every site affected by the bug. And not only that, but if you use the same password on a site that was vulnerable as you do everywhere else on the internet, you need to change your password everywhere. You can find a list of sites that were affected by clicking here. If a site you use isn’t on the list, try this tool. However, even if you do take this precautionary measure, there’s no saying whether or not your information has already been compromised. There have not been any known cases of malicious parties using Heartbleed as of right now, but websites will be on the lookout for any suspicious activity within the coming weeks.