Back
|
Print

Advice

Heartbleed-bug-logo-w150

The Heartbleed bug is one of the biggest security issues ever to affect the Internet.

First reported at the end of 2011, the bug enables hackers to exploit users’ personal data and passwords on an alarming scale. 

How does Heartbleed work?

The Heartbleed bug is a serious vulnerability in an encryption tool known as OpenSSL.

The Internet has a set of protocols for security and encryption known as Security Sockets Layers (SSL) and Transport Layer Security (TLS). These protocols are implemented in the form of open source tools such as OpenSSL.

Around two-thirds of the Internet uses OpenSSL and it supports billions of web interactions on a daily basis.

The Heartbleed bug mainly grants access to secret keys of a server. These same keys are used to encrypt traffic, names, users’ passwords and actual content. A vast range and quantity of information can be stolen through the exploitation of this bug. Software packages for websites, applications, email or private messaging services that run OpenSSL are exposed to this vulnerability.

Please note that many Heartbleed bug remover tools could be infected with malware. We highly recommend using the tools listed below in order to protect yourself.

What should I do?

As the vulnerable versions of OpenSSL are still being used on the web, criminals can continue to take advantage of the weaknesses caused by this bug.

It is essential that  web entity owners and developers patch their sites with an updated  Fixed OpenSSL.

For clients and web users, it is recommended that you change your passwordsafterthe affected sites have been patched with the new version of OpenSSL (be sure to wait until the issue has been resolved). 

You can check if a website is vulnerable by using a tool, such as  https://filippo.io/Heartbleed/.

Japanese security software company, Trend Micro Inc, has released a  short video highlighting the important things to know about Heartbleed.

For more detailed information, visit  http://heartbleed.com/.

How do I create a strong password?

Use a unique password for each of your online accounts  and change them regularly.

Passwords should:

  • Be at least eight characters long;
  • Contain a mixture of letters, numbers and symbols.

 Paswords should not:

  • Be a recognizable word from a dictionary;
  • Contain any of your personal data, such as name or date or birth.