The past few days have been very interesting in the internet world. The Heartbleed Bug is something that has surprised many internet users, and folks are surprised, because they thought their HTTPS or OpenSSL cryptographic software library was protecting them on the internet. But as you know, hackers and the bad people will find any way possible to break into a secure internet setting, and this flaw had to be fixed. Thanks to Codenomicon and members of Google Security, the security flaw was found and the internet companies are patching the flaws. But it might be too late for the average internet users, because the bad guys might have your account information and passwords, and they might be hacking you right now.
Around 2/3rds of internet websites use the OpenSSL technology. And here is a crazy thing about Open SSL, only one paid employee is working to maintain the Open SSL program and prevent it from hackers breaking in. That’s right, one! Steve Marquess, who is the OpenSSL Software Foundation president, said in a blog post that the OpenSSL needed money for half a dozen full-time employees rather than the one it has currently. Did you know that a team of volunteers actually work to make the Open SSL technology safe? I can see why the folks from the OpenSSL Software Foundation are asking for funding from businesses and governments. Yes, they have gotten some donations in the last few days to help them out, but that funding won’t last forever.
Maybe it’s time for a major internet company like Google to buy out the OpenSSL Software Foundation so the internet can remain safe! But until something happens like that, I have a great suggestion for all of you, change your passwords! The OpenSSL program has been vulnerable for over two years now, in fact the NSA knew about the Heartbleed security bug, but said nothing! The NSA might have been collecting passwords and private communications from hundreds of thousands of websites. So there is another reason why you need to change your passwords! By now, all websites running with the OpenSSL software have patched their sites. But if you want to check and make sure, check at: https://lastpass.com/heartbleed/
After the website you use has been patched, change your passwords! Choose a password with letters, numbers, and symbols. One piece of advice, use a different password for your e-mail and bank accounts. The reason, a hacker could say they lost their password and they could type in an e-mail address to retrieve a password. If a hacker has the account and password to your e-mail account, game over! Another step, many websites today have a two-step authentication where you enter your account info. and password, then you enter a unique six digit code from an app on your phone like Google Authenticator. If you lose your phone, you can still enter a code you printed off and still get into your accounts.
Companies needs to do anything possible to secure the internet experience for everybody. Soon, I hope we move to technology where a person has a unique chip or code to get onto their accounts online. But for now, I would recommend you change all of your passwords, and change them every few months. I would also recommend setting up two-step authentication if it’s available on the website you use. That way you can stay safe, and ahead of those evil hackers!