(Photo: Reuters/Mario Anzuoni)
The Heart Bleed virus has been affecting millions of websites on the Internet for two years, but there are ways to protect yourself from the bug, according to reports.
Though users don't have much power over the Heart Bleed virus — website administrators and creators have to update their OpenSSL software — there are ways to defend important passwords on Gmail, Facebook, Yahoo! and other sites.
The Heart Bleed virus allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data like credit card numbers, passwords, and other personal information. The first defense for Internet users, then, is to change your passwords to protect your information from being taken and abused.
However, if a major website is still vulnerable to the Heart Bleed bug, changing a password won't matter; the website would have to update their software first. To defend against this, an online tool called the Heartbleed test was created to test if a website has been compromised by the virus. Simply type the web address of the website into the box, and it will let you know whether it is safe. Sites like Facebook, Gmail, Amazon, Yahoo!, Twitter and others have already updated their software.
The Heart Bleed virus basically takes advantage of OpenSSL encryption software, which is standard for many websites and designated by the small padlock symbol. When messaging back and forth on a secure connection — think Facebook or Gmail messaging — sometimes a computer wants to check if the other computer is still available. They check by send a small packet of data, called a "heartbeat," which is then confirmed. The flaw allows hackers to use a fake packet of data, which tricks the computer into responding with data stored in its memory.
Worse, this flaw is undetectable by current standards and has existed under the radar for about two years. For an in-depth analysis and FAQ on the Heart Beat virus, click here.
The flaw was discovered by security firm Codenomicon and Neel Mehta, a Google security researcher. They said that even if you don't frequently use the internet, you are most likely affected by the bug.
"You are likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL."