Sorry we waited a little bit before addressing this issue, but we wanted to let the dust settle so we could sort out the facts from the media hype. Is the Heartbleed bug serious? Yes! Is it wide spread? Yes! Does it affect you? Maybe, but maybe not.
- It only affects website security for logins and data transfer that are using the OpenSSL protocol.
- Changing your password on affected sites will only be effective if they have already fixed the problem.
Internet Vulnerabilities and the News Media
There are definitely things to be concerned about when it comes to the Internet, security, and especially privacy. It is hard to know what to believe and not believe, and even harder to know what to do and when. But here is one thing I know for sure: the news media is always looking for stories to sensationalize. Internet and computer vulnerabilities are some of their favorite topics. Please realize that most of the reports and stories you hear are over-exaggerated, over-hyped, and frequently after-the-fact.
Two Over-Hyped Internet Security Stories
- A few years ago, there was a news report that said you should not log in to your Facebook account on a public WiFi network, specifically at your local coffee shop. They reported that other people on a public network could “sniff” your password and then have access to your Facebook account. And do what, post what they had for breakfast? Anyway, the thing to notice is that there was never a follow-up story that said it ever happened to anyone, just that is was a possibility.
- Just recently, it was reported that Apple’s web browser Safari had an SSL vulnerability. The truth is that it did. But no one knew about it until Apple released the fix through a software update. In the description of the update it stated, “Fixed an SSL issue in Safari.” Next thing you know, it is on national news. It was never reported that anyone managed to exploit said vulnerability.
This is the exact same case in the HeartBleed case. A research firm discovered the issue and reported it widely so server administrators could fix the problem before it got out of control. In all of the blogs and news stories I have read, not one has reported anyone actually using it to harm someone. Oh…except the story about how the NSA has been exploiting it for years. I’m not sure if I believe that one. If someone had been compromised, that would be big news, and you would read about it everywhere.
All of these examples go to show that the news media is looking for news and willing to sensationalize anything to get ratings. Do we need to be vigilant about our digital information? Absolutely! But please trust the facts. As Flavor Flav warned us years ago, “DON’T BELIEVE THE HYPE!”