What does the Heartbleed Bug mean for me?



As I started thinking about my own personal safety in protecting myself against the Heartbleed bug, I started to wonder how it truly affected me. I’d updated the passwords that I needed to, to make sure that I could not potentially make things easier for my accounts to be compromised. But then I realized that if I was wondering about my Heartbleed damages, chances are the customers I help out every day, as an Everon tech, were wondering about it, too.

From a technical standpoint, I knew that the way Heartbleed affected me had to do with websites that use OpenSSL for SSL/TLS encryption to make their sites secure. What does that mean to my non-tech customers? Well, simply put, this bug can affect you either directly or indirectly on your computer, but only to a small extent. The more immediate effect has been on the sites where you log in with a secure username and password: everything from social media sites to e-commerce to streaming entertainment sites. If you have installed software from any of these sites and have it on your system, this is how your computer can be affected. But if you simply log in to a site through your browser, your computer system is not at risk.

You should also note that, chances are, you first logged on to these sites before the patches were applied, and those changes weren’t made until shortly after the story was reported. There is a good chance that you’ve been compromised and, unfortunately, there would be no trace if you were. This is why the sites that have updated their systems to fix this are asking you to update your passwords. There may be sites that are still updating, so if you changed your password before a site's patch was completed, you will have to change it again. Banking sites seem to have been secure, as they do not use OpenSSL for their security encryption, and therefore they are not likely to be compromised. But if you use the same password for banking as you do for email or Facebook, you could be in trouble. This is why they are recommending the changes.

This might help to understand how you access sites using SSL:

[Figure: SSL flow chart]

This Mashable link will help you find out which passwords need to be updated immediately, as these companies have already installed the patch update on their networks: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. Another report said that Android phones may be compromised as well, if you are running Android OS Jelly Bean 4.1 or older. Google is currently working with Android partners to get the patch distributed to resolve this issue. You can view that article here (also on Mashable): http://mashable.com/2014/04/11/devices-running-android-4-1-1-vulnerable-to-heartbleed/.