Global security researchers recently confirmed the presence of a security “hole” that affects anyone who uses https.
Keep in mind that https is the protocol that protects users’ private details and information like passwords, credit card numbers and confidential emails and documents.
Dubbed the Heartbleed Bug, this flaw tricks computers into handing over personal data, which is normally encrypted and unreadable, in a format that anyone can use and, just as easily, abuse.
How exactly does the Heartbleed Bug work?
Before we delve into how the Heartbleed Bug works, it’s important to understand exactly what it affects: OpenSSL.
In layman’s terms, OpenSSL is like camouflage for all the data that is sent around the Internet. Take online shopping, something many people are familiar with, as an example.
When you buy something online and provide your credit card details, your exact credit card number is not sent to or seen by the online store vendor. OpenSSL camouflages the specifics of the credit card, but without affecting the transaction.
This way, neither the vendor nor hackers can make any sense of the information.
What the Heartbleed Bug does is pull the camouflage away, exposing the data.
What is being done about the Heartbleed Bug?
All major ecommerce websites, banking websites and any other online service that processes transactions or the flow of money in general are updating their security certificates to close up this hole before any damage can be done.
If you operate a business and you use the https protocol, make sure to alert your IT service provider immediately so they can update their security standard as well.
What can you do to protect yourself from the Heartbleed Bug?
In the meantime, it is wise to change your password on any online banking websites you use, as well as any other websites that you would regularly pay money through. This includes websites like PayPal, eBay and iTunes.
If you are an IT service provider yourself (for example in hosting, domains, web development, software development and the like), you should notify your clients as soon as possible and reassure them that there is nothing to be alarmed about, while updating their SSL certificates at the same time.
Johnson Kee is the Sales and Marketing Coordinator of Kinnov, an enterprise web and software development firm based in Melbourne, Australia. Since 2004, Kinnov has provided digital solutions to local and international clients, ranging from SMEs to global franchise chains and organisations.