This morning, my train friend Judy and I were talking about the new Heartbleed virus that has supposedly affected at least 66% of the Internet, and how scary it is. Neither of us being tech or security experts, we could only wonder at the scope of this virus. (It even has its own logo!).
I noticed that this guy sitting in front of us getting awfully fidgety during our discussion. Finally, he turned around and said, "Hi. I don't mean to eavesdrop, but I heard you talking about the Heartbleed virus. I work in IT and it is a huge problem!"
He went on to explain that the virus is affecting the open SSL servers up to version 1.0.1g, which has been fixed, meaning that any open SSL server between 1.0.1 and 1.0.1f are affected. What this virus allows the hacker to do is to view all encrypted data on all affected websites. However, the most dangerous and problematic issue, is that the hacker can view all secure certificates issued by the open SSL servers. That means that even after a company has secured their servers, the hacker can still get into the system through an old certificate.
This poor guy was telling me that he has to go through the last three years of certificates, close them all out, and issue new ones, for every transaction from the last three years. (Heartbleed has only been affecting servers for the last two years, they think, but his company wants to go back three years just to be sure).
I asked him what I could do as a layperson to protect myself and my information, and his response was, "Change all your passwords and stay off the Internet for about a week." He also suggested using Google Chrome for my browser (which I already do) and adding the Chromebleed applet, which alerts you if you are heading to a site that has been affected, or continues to be affected, by Heartbleed.
Well, I work on the Internet, so that's out, but I did change all my passwords. He also suggested that I change my passwords again in a week, and again a week after that. This bug is apparently a doozy!
If you'd like to know a little more, check out this article about Heartbleed.
Also, tell your families, friends, acquaintances and strangers to change their passwords. We could all be dealing with this virus for a while.
So, to the guy on the train that totally eavesdropped on my conversation... good luck and I'm sorry that you have to deal with this bug on a professional level. Also, thank you! I feel slightly better about the Internet after chatting with you on the train.
No comments:
Post a Comment