New Castle News

Mitchel Olszak

April 14, 2014

Heartbleed raises the stakes on Internet security

NEW CASTLE — My column last week dealt with Internet and related scams, along with steps people can take to protect themselves.

Today’s column could be termed Part 2 of that topic, albeit from a different angle.

If you are a regular reader and viewer of news — and especially if you keep track of what’s happening regarding the Internet — last week you were probably introduced to the term “Heartbleed.”

To make a long and extremely technical story short, Heartbleed is a term applied to a recently discovered flaw in a commonly used Internet encryption program called OpenSSL.

Many websites — supposedly hundreds of thousands — offering secure password logons use this program, presented to customers and users as a way to protect them from hackers and Internet thieves. But it turns out that for the past two years, the Heartbleed flaw has given hackers virtually unlimited access to passwords and other private information.

And apparently, it’s not just websites. Heartbleed may have affected firewalls and other security-related programs. The situation is still being assessed.

At this point, no one knows the extent of damage or infiltration, because those who exploit Heartbleed can do so and leave no trace. Perhaps in the coming months, we will get a better picture of what’s been lost and how such a security slip-up could occur.

But that’s mainly for the experts to sort out. For the average Internet user, the primary concern is self-protection. And that probably means changing a lot of online passwords.

Unfortunately, the solution is not as simple as that. Security experts say it is pointless to change a password until the website involved has taken steps to protect itself from Heartbleed. Until that happens, changing a password is akin to handing it over to the hackers.

This means you will have to determine the status of each website before altering a password. There are sites online that can provide assistance with this effort, but I’m guessing scammers are out there already providing fake lists. Another option is to contact sites directly to determine their status.

There are authorities online that can offer better guidance than I can on these points. Just be sure the information is from a reliable and knowledgeable source. Don’t rely on the urban legends spread by babbling bloggers.

When you do go to change your passwords, take this opportunity to make them secure. (Hint: The password “1234” won’t protect you.) Your passwords should all be different and sufficiently complex and even random to help thwart hackers and scammers.

And we all should take the time to review our bank accounts, credit card statements and other financial sources that could have been endangered by Heartbleed. Anything unusual warrants additional action.
