The Heartbleed bug is a major security flaw that’s affected many of the internet’s most prominent websites. We explain what it is and how to protect yourself from its effects.
From Google to Facebook and YouTube to Yahoo!, this week has seen a major security flaw uncovered in many of the world’s biggest websites. The Heartbleed bug is estimated to have affected half a million websites, potentially rendering secure user information available to hackers.
Most worryingly, it means your email, cloud storage and banking passwords may no longer be secure, but don’t press the panic button just yet. Several websites have already addressed the vulnerability, and we’re here to help when it comes to restoring the integrity of your accounts.
What is the Heartbleed bug?
Heartbleed is a flaw in OpenSSL, software used to encrypt and secure various connections on the internet so that a third party (i.e. a hacker) can’t intercept the data transmitted. For anyone who knows how to exploit the bug, Heartbleed renders this security measure void. This means usernames and passwords can be harvested by ne’er-do-wells for their own personal gain.
Is your account likely to have been hacked?
The Heartbleed bug originated in March 2012, but was only discovered recently by researchers at Google and Finnish security firm Codenomicon. Because an attack targeting Heartbleed leaves no footprint, it’s impossible to know how many people may have been affected.
This is troubling, as many of the world’s most popular websites have been found to be vulnerable. What’s important now is knowing which of these have fixed the bug and are safe to trust with your credit card and other personal details.
Which websites have patched up the Heartbleed flaw?
At the time of writing, the following major websites have been confirmed to be protected from the Heartbleed bug:
- Microsoft Live
You can also rest easy when using Which.co.uk, Which? Tech Daily, Which? Conversation and any other Which? affiliated website. A more extensive list of protected sites is available from CNET. And, to test a website yourself, use the Qualys SSL Server Test, which will produce a result similar to the image below for protected sites.
If a website is patched against Heartbleed, is it safe to use?
The short answer is ‘yes’, but you should really change your password to be doubly safe. When writing a new password, be sure to use a mixture of letters, numbers and characters. Also, be careful not to fall into the trap of using ‘password’, ‘psswd’, ‘12345’, ‘00000’ or your own surname to protect yourself. It seems like an obvious mistake to avoid, but countless web users have fallen into this trap. For more information, read our guide to creating the perfect online password.
Finally, we’d recommend keeping an eye out for suspicious activity related to your bank account and shopping sites over the coming weeks. Chances are you should be OK, but a little extra precaution never hurt anyone.