If you haven’t already been bombarded with a plethora of conflicting information about the new SUPER BUG sweeping the internet ‘Heartbleed’, Nudge are here to break it down a little and explain what exactly is this horrendous internet niggle taking the entire web by storm?
(You might want to grab a cup of tea for this bit), a few days ago Heartbleed struck fear into internet users across the globe as we were informed hackers had found a loophole in the security of many websites across the ‘WWW’ which allowed them to potentially access a ton of our private information. Researchers are still looking into the effect on consumers but have warned “it could be significant”. An internet users' most sensitive, personal and financial data such as passwords, stored files and bank details are all potentially vulnerable and at risk. The error lurks in the popular software system OpenSSL which is the key encryption technology that a vast amount of websites use to protect their data. Heartbleed has already had a huge impact on websites including; Google, Facebook, Amazon, Dropbox and Yahoo and even though it has been suggested the bug has been lying undiscovered for up to two years, it was only made public this week.
The BBC Reported:
“If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely whilst things settle”
…A valid point from the BBC, but realistically is this possible? Big companies such as Yahoo have also been advising people to change their passwords immediately, which in actual fact could make the problem a whole lot worse! If the web server you’re using hasn't been updated to fix the flaw, you may very well spend hours changing all your passwords to then still log in to an insecure server that could potentially then go on to reveal BOTH your old AND your new passwords’ to an attacker…
Luckily, many websites have already issued fixes but it is unclear how widely this flaw has been exploited… If you’re worried a website you use may be affected, a clever chap called Fillippo Valsorda has developed a free online test for you to check individual websites and see if they are still vulnerable: http://filippo.io/Heartbleed/
Alternatively, if you’re a company owner Nudge are also here to help. if you’re still concerned about the safety and security of your website. Give the office a call and for a small fee we are able to provide:
* An in depth search into whether or not your website is affected by the Heartbleed bug
* Create an up to date Search Engine Ranking report and offer your company key suggestions for improvement
* Audit your websites coding standards (For example: Is your site accessible and standards compliant?)
Because attackers can use the bug to steal information unnoticed, it is unclear how widely the bug has spread, don’t put yourself at risk!
Thea @ Nudge.