Don't assume you're safe from Heartbleed

By: Matt McGovern
Companies are still moving to address the bug.

To be safe from Heartbleed, you need to know that everything you use to connect online is updated and fixed.

NEW YORK, NY (CNNMoney) - In the post-Heartbleed world, assume your online communication isn't secure unless proven otherwise.

It sounds alarmist, but it's true. Email, social media, banking, all of it is at risk.

The Heartbleed Internet bug is particularly nasty because it's pervasive. It affects apps, hardware and websites.

Apple didn't release a firmware update for its AirPort routers until Tuesday. Dell's SonicWALL app, which lets you connect to corporate networks from home, just got patched Monday. QNAP updated the firmware for its Turbo NAS data storage centers last week. Many of Cradlepoint's 3G and 4G modems, used by businesses, weren't patched until recently.

On April 17, there were still 150 million vulnerable apps running on Android smartphones, according to cybersecurity provider FireEye. All must be updated.

To be safe from Heartbleed, you need to know that everything you use to connect online is updated and fixed: smartphone apps, Wi-Fi routers, office servers, the websites you visit, and their servers too.

The risk is inherent in the complicated way the Internet works. Signing into your bank might bounce you to data centers around the globe. That's why solving the Heartbleed problem is a herculean task that's largely outside of your control.

All you can do is change your passwords often, all of them, and update your software to the latest version. And don't trust any app, device, computer environment or website until those in charge specifically say they've patched the problem.

But many companies aren't making it easy for you to figure it out. Banks aren't placing announcements on their website homepages to reassure customers they're safe. Information about whether routers are vulnerable, and how to fix them, is located deep within the websites of Apple, D-Link and Netgear.

Rick Dakin, CEO of IT department auditor Coalfire, said websites should be alerting customers, and company IT departments should be informing employees about their own company's situation.

It's difficult to overstate the problem. Heartbleed isn't a computer virus that automatically gets deleted by your computer's antivirus program. It's a flaw in the software devices use to talk to one another. And because these are all interconnected, it only takes one weak point to let hackers peek in. Even some versions of Symantec's Norton AntiVirus software were impacted. Bryan Harris, a researcher at analytics software maker SAS, called it "a systemic issue" with a long, uphill road ahead.

So severe are the problems with OpenSSL, the encryption software that had the Heartbleed bug, that some are ditching it entirely. A Canadian computer programmer recently created another version of it, called LibreSSL, in an attempt to simplify and clean it up.

But even if everything seems patched, we'll never know for sure, said Joe Touch, director of the Postel Center of computer research at the University of Southern California. New computer systems are often built relying on older ones which are no longer maintained.


KGNS-TV 120 W. Del Mar Blvd., Laredo, TX 78041 Fax: 956-267-8649 News Hotline: 956-723-5161 956.727.8888 email8@pro8news.com