The latest internet security threat Heartbleed has been making headlines – but just what is it and how does it affect you? We give you a run down on the bug and what to do next to make sure your information is as safe as possible.
The Heartbleed bug is a serious vulnerability in the widely used OpenSSL website encryption method. This is already being presented as one of the biggest security threats that the internet has ever seen. If you haven’t changed your passwords yet for online services, your account details could have been compromised.
Many online services and websites you regularly use, will commonly use OpenSSL software. This software provides a secure, encrypted connection between you and the website or service you are using.
The Heartbleed bug means that the security of this connection may be compromised, meaning your personal information, passwords, bank details etc. may be accessible to anyone who wants to exploit the Heartbleed bug flaw. This bug allows hackers to read the memory of systems using OpenSSL software, and also obtain decryption keys to encrypted data – allowing them to steal the supposedly protected data.
It is important to note that this is not a virus that you can protect yourself against with anti-virus software, or a firewall. This is a flaw in the encryption standard used widely on the internet – so even if your own network and machine is secure, your online details may not be.
A fixed version of OpenSSL has now been released, but it still must be deployed by all online service providers who wish to keep their users’ information safe.
In the meantime, it is highly advised that you change all passwords for online services. Even if you do not, and the flaw has been fixed on the services/sites that you use, your login details may already have been accessed, so you should still change your passwords as soon as possible.
Which sites/services are affected?
If you haven’t already, you should change passwords for the following:
- All Google services, including Gmail, Google Drive and YouTube.
- Yahoo – including Yahoo Mail.
- Amazon web hosting services (but not the Amazon website)
UK Banks use different encryption methods and are therefore not affected, although it is worth noting thatBarclays have not yet issued a statement. Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected.
Other Notable Sites Confirmed as Unaffected
Widely used sites confirmed as safe include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s services – including iCloud and iTunes.