Within the past few days and weeks the news media around the world has been reporting on a new computer bug uncovered by technicians at Google and elsewhere that is considered the worst in history. By now you have likely heard about the widespread security gap dubbed “Heartbleed.” Unfortunately, the bug is so unique and complex that even news stories about it are prone to errors that can add to the confusion and misunderstanding surrounding Heartbleed.
What’s the Nature of the Threat?
First of all, it is important to understand that Heartbleed is not a computer virus. According to an article published by Scientific American, for example, Heartbleed does not affect Windows PCs, Macs, and most Linux desktop and laptop machines. Neither will it harm iOS devices and most Android devices. If you hear news journalists referring to Heartbleed as a virus, they are mistaken and are using the wrong terminology to describe it.
Because it is not a virus, you won’t be able to protect yourself from Heartbleed by using anti-virus software. Heartbleed is, instead, a security gap that may or may not affect websites, depending upon what kind of technical platform they use. Those that are vulnerable can fix the problem by patching the security gap and then testing their site to make sure it is safe.
Before Canada shut down the national government’s tax collection website, for example, it said that around 900 taxpayers had their Social Insurance numbers – the equivalent of American Social Security numbers – stolen from the system. But the Internal Revenue Service said that taxpayers in the USA should go ahead and file their returns electronically because the IRS site was not at risk. Incidentally, a long list of banks and other financial institutions in the USA was also unfazed by Heartbleed because they do not use the kind of computer technology that it can potentially harm.
Who Was Impacted?
By the way, if you simply visit sites and browse them without doing things like sharing financial information, then you have nothing to be concerned about. Heartbleed is only an issue for those who have site access that is protected by passwords and user names.
While lots of the most popular password-accessed sites were not affected at all, many were. Netflix was affected and fixed the bug, for example, but it is a good idea to change your password now. The same is apparently true for Dropbox, Flickr, Instagram, Pinterest, Minecraft, Etsy, GoDaddy, Gmail, and Yahoo Mail.
But Amazon, Apple, Twitter, LinkedIn, PayPal, eBay, and Outlook were not affected. At last check it was unclear whether Heartbleed made Facebook vulnerable or not, because apparently the company took steps to close the gap before it was publicly disclosed. But Facebook advises users to go ahead and change their passwords just in case.
The list of those impacted and not bothered by Heartbleed is extensive and is still growing, but one of the most convenient resources for checking popular sites is at Mashable.com (http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/). When in doubt, check with the site, and if they have remedied the security gap – which thousands of websites have already done – go to your accounts and create new passwords.
Does Heartbleed Affect E-Book Readers?
The burning question on the minds of those who read e-books, naturally, is whether or not their electronic readers are susceptible to Heartbleed. To know for sure it is recommended that you contact the manufacturer of your device, but since dozens of devices are unaffected by it there may be nothing to worry about.
Many of the most popular e-commerce websites have also already patched their systems or tested them to verify that they are not afflicted by Heartbleed. To be on the safe side, consumers should set brand new secret passwords, though, just in case the old ones were stolen. Once again, it is not a virus so it cannot be inadvertently spread by doing things like sending and receiving emails or downloading material.
How to Construct Strong Passwords
Even if you are not concerned about Heartbleed it is a very prudent idea to change your passwords on a regular basis, especially if they protect valuables such as bank and credit card accounts. To build the strongest passwords use strings at least a dozen digits, letters, or symbols long. A study at Carnegie Mellon University, for instance, found that longer passwords were far more effective at thwarting hackers, especially when you combine letters, numbers, symbols and use both upper case and lower case letters.
Don’t write them down, because they can be viewed by someone, which defeats the whole idea. Instead make up passwords that are easier to remember by thinking up short sentences or phrases. You might use, for instance, “I ate five pizzas.” To throw in numbers, substitute the number one for the letter “i” to make it “1 ate f1ve p1zzas.” To strengthen it with symbols, switch out the letter A for the @ sign – which looks like a small A. In that way you can get creative by thinking up numbers that resemble symbols and vice-versa to generate your own ironclad passwords that are not so difficult to recall.
Another NSA Scandal?
One of the most unexpected and dramatic developments around Heartbleed was reported by Bloomberg recently (http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html) and involves the U.S. National Security Agency (NSA). According to sources cited in an article on the Bloomberg website, the NSA has known about the Heartbleed bug for at least two years. The NSA allegedly kept that threat a secret, though, in order to exploit the gap created by the bug and use it to snoop on people and gather critical intelligence information. At first the NSA declined to comment, and then later it denied knowing about Heartbleed until the bug was made public this month.
“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” according to an e-mailed statement from the Office of the Director of National Intelligence.
The Next Great Spy Thriller?
It remains to be seen whether the NSA is targeted with greater scrutiny and if the controversy surrounding the agency accelerates in the wake of the Heartbleed bug. Meanwhile, just the possibility that the NSA did perhaps know something and didn’t share that information should be great ammunition for any novelist who wants to add a plot twist to the next political thriller. Stay tuned. Perhaps soon you’ll be able to download an e-book that delves deeper into the mysterious Heartbleed bug or uses it as inspiration for a page-turning piece of fiction.