Heartbleed is a computer bug that affects the most popular encryption method on the Internet that went unnoticed for more than two years and was announced alongside a patch in April 2014.
So what happened here? Engadget explains in a April 12 article, What is Heartbleed, anyway?
The problem affects a piece of software called OpenSSL, used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website. [The latest version of SSL has a bug in it] that allows for a person (including a malicious hacker) to retrieve information on the memory of the web server without leaving a trace.
And the name? A feature of OpenSSL is called heartbeat. Just like a pulse, a website that uses this encryption method communicates with your computer to let it know that it’s actually there. Introduce a vulnerability to heartbeat–and vuala, heartbleed.
But enough of this computer-talk. How does it affect real people–namely, college students?
We should start with the good news: Heartbleed doesn’t affect as many people as initially thought. In fact, fewer than one in five people are affected by it.
However, one in five is still quite substantial (just better than initial estimates, which had the figure pegged above 50% of all Internet users). And because college-aged students collaborate Internet connections, explore the web with depth, and shop online more than any other demographic, every college student should take unprecedented steps because this is an unprecedented security flaw.
[box type="info"]Check your favorite websites.
There is a tool available that scans websites to see if they’re open to the hack. Simply type the website into the box to test for Heartbleed.[/box]
[box type="info"]Change all of your passwords.
This is the most generic response that anybody gives at the slightest whiff of trouble, but it’s the best thing to do to protect yourself against Heartbleed if the website has been patched (checking with above tool). This includes all of your shopping sites, email, Twitter, Facebook, LinkedIn, Instagram, etc.
Remember to follow good security practices when writing your new password–and now may be the right time to acquaint yourself with a password management app.[/box]
[box type="info"]Close old accounts.
Spring cleaning! This is the perfect opportunity to close out old accounts that you no longer use. This not only diminishes all concern surrounding its compromised password and information, but also gives crooks who otherwise accessed it, clues to get into your other accounts (like shared passwords).[/box]
The Internet: it’s full of amazing things. But, as with life, everything doesn’t always go as planned.
Taras Kufel is the Web Content and Design Manager in the Office of New Media of the State University of New York.