What is the Heartbleed OpenSSL Bug, and how can you protect your PC?

heartbleed web bug potentially exposes untold amounts of private data heart bleed

A serious vulnerability in the OpenSSL Internet encryption protocol known as the Heartbleed bug has potentially left the information of most Internet users vulnerable to hackers.

That’s according to a team of Codenomicon researchers, as well as Google Security researcher Neel Mehta. Codenomicon is a Web security firm whose clients include Microsoft, Verizon, and Cisco Systems. The Heartbleed bug reportedly affects as much as 66 percent of the world’s active websites, and has existed for roughly two years.

OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.

“Considering the long exposure, ease of exploitation, and attacks leaving no trace, this exposure should be taken seriously,” Codenomicon warns.

The security researchers who uncovered the hole say that hackers who exploit the Heartbleed bug can steal all that and more, even instant messages and business documents. The researchers tested the flaw out for themselves, and discovered that they were able to steal such information without leaving any trace of their attack, and also without the benefit of any “privileged information,” including log-in credentials.

What can you do to protect yourself from the Heartbleed bug?

Aside from avoiding affected sites, which reportedly include Yahoo and OkCupid, and changing your passwords, there’s not much much you can do to safeguard your data. It’s up to individual companies to update their websites and services to use the fixed version of OpenSSL, which plugs the hole left by Heartbleed — stanching the bleeding, so to speak. The researchers that took the wraps off the bug say it’s the responsibility of operating system vendors, software makers, and network hardware vendors to use the new version, which they call FixedSSL.

At this point, both Amazon and Yahoo are working to apply the fix across all of their services, with the latter indicating that they’ve done so across most high-profile web properties, including Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Sports, and more. Meanwhile, Amazon states that it has applied the fix to the majority of its services as well. You can read Amazon’s statement on the matter here.

At this point, it’s unclear how much damage has been done by Heartbleed. In the meantime, here’s a list of sites which have reportedly been affected. Also, the U.S. Department of Homeland Security has published a blog post, offering these tips on how to secure yourself from Heartbleed.

  • “Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.”
  • “Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages”
  • “After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.”

Be sure to read our guide to What Websites are affected by the Heartbleed bug and How to Protect Your Android from Heartbleed. We also have a robust list of Android, iOS, and Windows Apps Affected by Heartbleed and Video Game Services Affected by Heartbleed.

What do you think? Sound off in the comments below.

Computing

Smishing sounds funny, but it’s a serious threat to your phone’s security

We all know phishing is a huge security problem, but most people still believe it’s a problem limited to email. According to new reports, however, phishing scams are attempting to exploit your trust in text messages.
Web

Data stolen from HealthCare.gov includes partial SSNs and immigration status

Around 75,000 users have had their user data stolen from government site healthcare.gov, including information on their immigration status, whether they were pregnant, and partial social security numbers.
Computing

Hacker infects 100K routers in latest botnet attack aimed at sending email spam

An attacker is trying to infect your router with malware in order to send spam emails. If your router uses a Broadcom UPnP SDK, it could become vulnerable to this attack. So far, 100,000 routers worldwide have been infected.
Computing

Want to set up your own virtual private network? Here's how

Take a look at our walkthrough for creating a virtual private network and why it is beneficial for more than just increased privacy and security. We go step by step, detailing how to set up a VPN in both MacOS and in Windows 10.
Gaming

Got an NES Classic? Here’s how to hack it to play more than 700 games

The NES Classic is terrific for what it is, but Nintendo's discontinued device remains limited in what it can play. Here's how to hack your miniature console and render it compatible with more than 700 games.
Product Review

Long live the king! Dell’s new XPS 13 defends its throne with ease

The redesigned Dell XPS 13 doesn’t reinvent the laptop’s winning formula, but does offer much-needed tweaks including the latest Intel hardware and a thinner, lighter body. Is it enough to keep Dell’s laptop at the top of our ratings?
Mobile

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.
Computing

AMD is pulling ahead in the die shrink race with 7nm CPUs and graphics cards

AMD might have played second fiddle to Intel and AMD for a long time, but it has the potential to leapfrog both when it debuts its new 7nm CPUs and graphics cards in 2019, leading the die-shrink race for the first time in years.
Deals

Black Friday 2018: The best deals so far

Black Friday is the biggest shopping holiday of the year, and it will be here before you know it. If you can't wait until November 23 to start formulating a shopping plan, we've got you covered.
Computing

Stay connected with the Surface Go LTE Advanced, coming November 20 for $679

The new Surface Go LTE Advanced model delivers benefits for anyone who is looking to enjoy LTE coverage and stay connected on Windows 10 when traveling on the road or away from home.
Computing

Cloudflare’s privacy-enhancing 1.1.1.1 DNS service comes to iOS and Android

Cloudflare's 1.1.1.1 DNS resolver service has been ported to mobile devices, and now anyone with an Android or iOS device can download it for free to take advantage of its speed and privacy-boosting features.
Gaming

The plug-and-play PC Classic joins the retro console bandwagon

Gaming company Unit-e is creating the PC Classic, a plug-and-play retro console that will come bundled with around 30 of the best DOS games. The system will support gamepads and keyboard setups.
Computing

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they've accumulated files and misconfigured settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.
Computing

Best Buy’s pre-Black Friday deal takes $330 off the 2017 Surface Pro bundle

If you don't need the latest Surface Pro, Best Buy has a heavily discounted rendition of the 2017 model available in its pre-Black Friday sale. For just $1,000, you can get the tablet with a Core i5 CPU.