In early April, 2014 security researchers announced the discovery of a bug in
the security software that nearly 2/3 of websites rely on to encrypt data as it passes between the
server and the users' computers using the "https" protocol. Dubbed the "Heartbleed bug",
this involves such a fundamental aspect of your online security that everyone needs to understand what it
is and what it means to ordinary users.
There are some simple steps you must take to avoid becoming a victim of
the Heartbleed bug. I've listed some of them below. Largely, it boils down to using
good anti-virus software and changing your online passwords. These simple
steps can be the difference between surviving the next virus outbreak and becoming
another victim who's lost time, data, and, of course, money.
The Heartbleed bug is a flaw in the software known as "OpenSSL" that allows hackers to peek at selected portions of the memory of the server computer. Over time, this information would provide access to user names and passwords as they pass through the server and potentially allow the hacker to have complete access to the server itself. "OpenSSL" is what's known as "Open Source" software, which means that the software and the programming source code is published freely. It was developed by volunteers as a part of a consortium of programmers and industry leaders. Because the source code is available to everyone, it gets intense scrutiny by the software community, which is how this bug was discovered. The good news is that there is already a fix being deployed worldwide, and it should no longer be an active threat.
The first essential step is to make sure you have installed effective anti-virus software.
The easiest way is to buy one of the two major anti-virus
programs - either Norton Anti-Virus or McAfee Anti-Virus. There are several other
commercial packages that are also respectable, but you'll get the best support from the
user community with one of the major brands. There are also several freeware programs available, such as
"Avast 4 Home Edition that has a very good reputation,
Security Essentials is a great no-cost choice for PC users - esepcially for those who still use Windows
XP and have not upgraded to Windows 7, 8 or 10.
The next step is to change your passwords on your most important online accounts, such as those for Email, banking, credit card, and online shopping websites. Do Not Respond to Emails that Tell You To Change Your Password! If you get such an Email, it is important that you do not click on any link in that Email. Scammers are already exploiting user fears about Heartbleed using deceptive Emails. Always navigate directly to these websites by entering the web address in your browser by hand - not by clicking a link somewhere or by copying and pasting an address. This would be a good time to consider getting a password manager program to help you create more secure passwords that will be different on every website you use. There are several good freeware password managers out there.
Lastly - Don't Panic! Whatever you've heard, using the Internet is still very safe as long as you pay attention to what you're doing. While the potential damage to online security was enormous, the software has been repaired and there are no known security breeches that used the Heartbleed bug. All of the warnings are safety precautions that will protect you against any past breeches that have not yet been exploited by theives and hackers.