Heartbleed is likely the most serious Internet security threat to date. Here’s what you need to know.
What the term Heartbleed refers to is a bug in the code for OpenSSL. This code, which is thousands of lines long and has been written and rewritten by several people over the years, is a widely used cryptographic library. When a user logs into a website that uses OpenSSL (or another method of security), the browser “talks” with the website to make sure it’s a legitimate website; for example, typing in “www.ncra.org” actually leads the user to the main website for the National Court Reporters Association and not a pretender. Secure websites are noted with the “https” before the address or sometimes an icon of a lock.
The Heartbleed bug allows a hacker to access communication between the user and the website, which could include sensitive information like passwords, credit card numbers, contact information, etc.
Companies and websites affected by Heartbleed need to change the problem on their end. Once an affected company has made their necessary security changes, they should alert you to change any passwords. Changing a password immediately will not solve the problem if the company has not been able to solve things on their end. However, after a week, it should be safe to change passwords that haven’t been flagged.
For now, avoid going to websites that have access to secure personal information, like a bank website. LastPass and the Heartbleed test can also help you determine if a specific website is vulnerable or not. Mashable has also put together a chart showing if popular websites have been affected and whether passwords need to be changed.
Check with your firm, court, school, etc. to see what they recommend for keeping private client information secure when electronically transferring information.
NCRA is checking in with our vendors on this issue and making sure that things are safe on our end. We will pass on any additional information when we can (you can access that list here).
Many news sites are publishing information on Heartbleed, including NPR.