What is it, and what do you do about it???
The Heart Bleed Virus
What is the Heart Bleed virus
• Flaw in Open SSL, which is the encryption used
to make data transfer secure
• Encryption makes the data look like nonsense to
anyone but the recipient
• Sometimes, a computer will send out a small
packet of data (called a heartbeat) to see if there
is still a computer at the end of its connection
• Researchers discovered a programming error
that allowed people to send a well-disguised
packet of data that looks like the heartbeat
Some key points
• This flaw (the ability to send a fake packet
of data) has been available for abuse for
about two years!
• The flaw was discovered by Google
• There are no traces left when these fake
data packages are sent
So how bad is it?
• Pretty bad. Web servers keep lots of info on
their sites, such as usernames, passwords,
content which has been uploaded and even
credit card numbers
• Even worse, hackers can steal encryption keys,
making it possible to intercept data and read it
without having to have a secure connection
• This means that companies can change their
encryption keys, but still be vulnerable!
What does it mean to you?
• This is an issue not only with your devices,
but also with the software that powers the
services we use
• Sites can include social media,
employment, hobby sites, software
installation sites or even government sites
• 66% of sites are powered by technology
built around SSL
What do you do?
• Since it has been around for two years
and leaves no trace, assume that
accounts may have been compromised.
• Change online passwords, especially ones
needing privacy and security
• Remember, though, if your site hasn’t
upgraded its software, you may need to
change the password again
Are my sites affected?
• Most major service providers have either
fixed or are currently fixing their sites.
• On this site (run by Filippo Valsor, an
Italian consultant specializing in security)
you can enter a site and see if it has been
fixed or unaffected. Try this today!