‘Heartbleed’ bug’s impact felt here and around globe
In the world of the Web, where we keep so much of our lives, it’s comforting knowing our most personal information is protected.
Unless, of course, it’s not.
“It’s the gold lock that turned out to be not so golden,” Redmond Computers owner Michael McGee said Thursday.
McGee said his phone has been ringing off the hook with calls from customers concerned about something called the “Heartbleed bug.”
They have every reason to be worried. The newly discovered computer server glitch could compromise millions of passwords, credit card numbers and other private information.
“It is a big deal,” McGee said. “And two years to go undetected — the possibilities are enormous.”
The problem affects a brand of software known as OpenSSL — one of the most popular encrypting tools on the web — with clients like Facebook, Yahoo and Google (who are among the many already to have patched for the vulnerability).
The software’s mistake opens up private information to hackers, regardless of that padlock image atop your Web browser that’s supposed to make us feel safe.
“We are a little concerned,” McGee said. “How could this have happened?”
The hole in the system also allows the information to be comprised without a trace and has been undetected for two years.
That could be really good, or really bad.
“Because it went undetected, it’s hard to find out how many found out it was even there,” McGee said, explaining that hackers may have not even known it existed.
According to The Associated Press, the people who discovered the mistake work in security research — one team with a security firm in Finland, another with Google.
McGee said consumers are powerless until Websites implement their own fix.
Robert Stewart of Redmond Computers’ technical support said most bank sites are protected. He said banking companies commonly create their own encrypting systems and wouldn’t likely use the problematic version of OpenSSL.
Many sites that did use the software already have created patches for a fix.
Now it’s your turn to protect yourself.
“What (users) need to do is make sure their passwords are changed immediately,” McGee said. “It’s something that everyone should pay attention to. Things like putting an uppercase character in their password, possibly changing an ‘O’ to a zero. That doubles the encryption power.”
It’s a strong reminder the convenience of our virtual world comes at a price.
“From Nordstrom to Target, you got folks putting in critical data constantly,” McGee said. “I would rather be overly cautious, rather than free with the idea that my information is available.”
So far, no victims have been discovered in the case.
More information on what sites were affected can be found at www.heartbleed.com
