Published on April 16th, 2014 | by admin
Be Wary of The Heartbleed Computer Bug
The implications of a computer bug corrupting files and compromising system security are a huge concern for all users in both the work place and at home. So when a new, potentially serious virus emerges like Heartbleed, it is understandable that it will make our pulse rate quicken.
Experts have claimed that Heartbleed is indeed one of the most serious internet flaws ever, largely due to the fact that it remained unnoticed for over two years. It is a flaw in a software package called OpenSSL which is used by banks, shops, email providers and a whole range of other services on the internet.
The reason Heartbleed has caused a huge stir is the fact that it can give anyone access to the data behind internet encryption. And this means passwords can potentially be hacked and credit card details obtained by criminal third parties.
Here at the Post office Shop we are also keen to point out to business owners that the ramifications could extend to HR and payroll software also conceivably being at risk.
It became apparent just over a week ago that systems using vulnerable versions of OpenSSL are vulnerable to the security threat and so far the Canadian tax authority and Mumsnet, a leading website for parents, have both so far revealed that they have been victims of the Heartbleed bug. But this may be only the tip of the iceberg.
The problem is exacerbated by the fact that fraudsters are now taking advantage of Heartbleed by undertaking phishing attacks whereby users are directed to spoof sites designed to steal their credentials.
On a positive note, many websites have already updated their software to counteract the threat since it became public knowledge.
But as an individual what practical steps can we take to try and minimise the risks? In situations like this there is no better time to ensure the utilisation of storage media devices to ensure a back up of vital files is made in case data is corrupted.
Certainly it is vital to be wary of spoof websites designed to steal our credentials. As a rule of thumb, if people receive an email they have not asked for to reset passwords, then they should certainly be suspicious.
We all need to be 100% sure that a website or service we use is actually advising to choose a new password before making any changes. Certainly it is only advisable to change passwords once a website has definitely fixed the Heartbleed bug. From there, any change of password undertaken should be one that we do not use for any other websites.