Library Technology – Reviews, Tips, Giveaways, Freeware

Who Broke the Web’s Heart?

Posted In Security, Webmaster - By Techtiplib on Saturday, August 30th, 2014 With No Comments »

Over the last couple of months the word “Heartbleed” has been floating around the internet.  To the average user it’s been portrayed as a reason to change every password he or she has. But, very few people have actually taken the time to explain, in layman’s terms, what Heartbleed really is and why people that are not into IT should care about it.

Web’s Heart

To talk about Heartbleed we need to explain the concept of OpenSSL, which is the technology used to secure the data on about 66% percent of the internet. The problem is that this technology is flawed.

Imagine a clerk who is in charge of storage lockers. You ask for a storage locker and the only one available is a forgotten locker in the back of the room. Someone left some stuff in it, but it’s just a matter of replacing the stuff that is currently in the locker with your stuff; put the old stuff in a different box so it can be claimed some other day and…that’s it. It’s a simple equivalent exchange. But what if you only need half the locker? That’s where the problem lies.  Our clerk lacks common sense, so he’ll just clear out half the locker and put your stuff in the empty half, leaving you with half a locker full of someone else’s stuff. Is it a wallet full of cash and credit cards and other stuff they’d rather keep to themselves? The clerk doesn’t know and doesn’t care. He’s going to leave you with a bunch of stuff that’s not yours.

Recommended reading: Infographic: Dirt Heartbleed Stay Safe

That’s the Heartbleed vulnerability. Because OpenSSL has a very simple problem dealing with the size of data, you could end up with someone else’s information. It wouldn’t be much of an issue if people were honest but cyber criminals exist and information is one of the most valuable items on the black market. Spammers, scammers and other not very desirable characters are always looking for ways into your data, and a faulty OpenSSL has given them an open door to it.

So what can the average user do about it? Well, first you have to change most of your passwords. Websites like Dropbox, Instagram, Tumblr and Netflix were affected but since then issued a patch- visit this link for the whole list. If someone got to your information, they got an old password; change yours and you’re good to go. However, if you own a website, you need to make sure your web hosting service has accounted for Heartbleed. Web hosting services like UKhost4U have a rather hefty security suite that’s been properly updated to deal with this new loophole in data security. Read more How to choose a web hosting company?

If you’re not a programmer with knowledge of internet security, the best way to be sure your website is safe is to talk to your web hosting service about it. Maybe they’ve issued a patch and you can rest easy knowing that your data is safe, but if they haven’t you may want to ask for a timeline on that fix…or consider changing web hosting services.

However, if you are a security specialist Heartbleed was caused by a single line of code, so the fix is quite simple. The bottom line is that while this bug does represent a risk to your data, it does not represent the end of the internet as we know it, nor does it mean that you should go into a panic because a hilariously cartoonish moustache twirling villainous hacker is trying to get your credit card number. It only means that you should take some time to secure your data, change your passwords and talk to your hosting service to make sure your information is safe.

It takes about 20 minutes and a few emails, but it has to be done.After all, it’s better to prevent security breaches in advance than to start getting increasingly weird spam emails or worse, have your personal data leaked out over the internet.

Author Bio:

Simon Hopes is a renowned writer. He writes various articles on software related to web security. Today he has discussed in his article about some web hosting services like UKhost4U.

More contents in: ,

About - Hey, this blog belongs to me! I am the founder of TechTipLib and managing editor right now. And I love to hear what do you think about this article, leave comment below! Thank you so much...