Heartbleed Security Bug – Don’t Believe the Hype

by | Apr 14, 2014

Heartbleed Internet Security BugSorry we waited a little bit before addressing this issue, but we wanted to let the dust settle so we could sort out the facts from the media hype. Is the Heartbleed bug serious? Yes! Is it wide spread? Yes! Does it affect you? Maybe, but maybe not.

Heartbleed Facts

  1. It only affects website security for logins and data transfer that are using the OpenSSL protocol.
  2. Changing your password on affected sites will only be effective if they have already fixed the problem.

Heartbleed Resources

What the “Heartbleed” Security Bug Means For You – Lifehacker.com

The Heartbleed Hit List: The Passwords You Need to Change Right Now – Mashable.com

The Ultimate Guide to Strong Passwords – thegeekstuff.com

Your Clever Password Tricks Aren’t Protecting You from Today’s Hackers- Lifehacker.com

How The Heartbleed Bug Works – xkcd.com

LastPass Heartbleed Checker – Lastpass.com

Internet Vulnerabilities and the News Media

There are definitely things to be concerned about when it comes to the Internet, security, and especially privacy. It is hard to know what to believe and not believe, and even harder to know what to do and when. But here is one thing I know for sure: the news media is always looking for stories to sensationalize. Internet and computer vulnerabilities are some of their favorite topics. Please realize that most of the reports and stories you hear are over-exaggerated, over-hyped, and frequently after-the-fact.

Two Over-Hyped Internet Security Stories

  1. A few years ago, there was a news report that said you should not log in to your Facebook account on a public WiFi network, specifically at your local coffee shop. They reported that other people on a public network could “sniff” your password and then have access to your Facebook account. And do what, post what they had for breakfast? Anyway, the thing to notice is that there was never a follow-up story that said it ever happened to anyone, just that is was a possibility.
  2. Just recently, it was reported that Apple’s web browser Safari had an SSL vulnerability. The truth is that it did. But no one knew about it until Apple released the fix through a software update. In the description of the update it stated, “Fixed an SSL issue in Safari.” Next thing you know, it is on national news. It was never reported that anyone managed to exploit said vulnerability.

Heartbleed Bug HumorThis is the exact same case in the HeartBleed case. A research firm discovered the issue and reported it widely so server administrators could fix the problem before it got out of control. In all of the blogs and news stories I have read, not one has reported anyone actually using it to harm someone. Oh…except the story about how the NSA has been exploiting it for years. I’m not sure if I believe that one. If someone had been compromised, that would be big news, and you would read about it everywhere.

All of these examples go to show that the news media is looking for news and willing to sensationalize anything to get ratings. Do we need to be vigilant about our digital information? Absolutely! But please trust the facts. As Flavor Flav warned us years ago, “DON’T BELIEVE THE HYPE!”

About Jamie Pollock

Jamie has worked as an independent business and tech consultant for many years, assisting large companies and small businesses in developing a wide variety of strategies and solutions. His past clients include Jantzen, Symantec and Intel, just to name a few. With an innate ability to explain complex topics, expertise in all things iPad and iPhone, and an infectious sense of humor, Jamie is a master at helping people become confident in everyday technologies.

Comments

1 Comment

  1. Debra

    Thanks for showing us that heartbleed caused a media-induced dust storm. I wonder how many productive hours reporters sucked away from the economy by urging everyone to change all of their passwords?

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *