Heartbleed Bug ? Should You Care ?

Yes you should really care about this large hole in an allegedly secure internet world. Can you do something about it? That remains to be seen.

Someone either wrote bad code, or built-in their own back door in the OpenSSL product which is the basis for many (read LOTS) of “secure internet” applications that are used on the Web and elsewhere, and created the Heartbleed Bug with this change. This is so interesting, there is a Heartbleed Bug website! Do you really want a detailed explanation, read Bruce Schneier’s explanation (he says on a scale of 1 to 10 in terms of bad, this is an 11)?

How serious is this problem? Well the CRA  closed down Netfile’ing for now because they weren’t sure if they were victims of this problem. My bank didn’t shut down their Web Banking, so they either don’t think this is a big issue, or they know they did not use that code.

What should you do about it? I have seen lots of folks screaming that we should all be changing our passwords right away, which might be a good idea, except if you then use it on a site that has not been “fixed” yet, your new password is now available to Evil Hackers as well.

It might be best to find out which sites you use that might have this “software flaw” in it, and once the site declares it is safe, then change your password there. If you have a common password that you use everywhere, you might want to change it everywhere as well. You can test a site here, but I also am not sure if that site’s findings are (1)believable (2) to be trusted.

The good news is that this bug has been around since 2011? Does that mean no one noticed this before, or it has been exploited for a long time and now it is becoming well-known? I have no idea, but this is another argument about why you should regularly change ALL of your passwords, especially for online banking and such.