“Heartbleed” is one interesting name for a security vulnerability. It sounds like a reference to a brilliant romance built on mutual trust gone dramatically bad–ending in a messy breakup that perhaps only chocolate can address.
Truth be told, this isn’t far from what has actually happened–and it is serious.
The “relationship” I am referring to is something called OpenSSL. It is a protocol that creates a secure connection between your computer and your bank, online stores, and just about any website that requires the transmission of personal data like passwords, credit card information, etc.
Apparently a vulnerability has been discovered that makes it possible for hackers to eavesdrop on the transmission of this personal information. That’s obviously not good, and the vulnerability has existed since March of 2012. So that “trusted romance” between your computer and places on the Internet you believed was secure may have had someone mingling in the middle–a virtual “love triangle,” so to speak.
Here’s what you need to know:
- None of the Bucknell systems that process or store passwords were affected.
- Somewhere around 66% of all secure websites on the Internet use OpenSSL for secure transmission of data. That means all of them may have been vulnerable at one time or another.
- The good news is many sites have rushed to patch the Heartbleed vulnerability. The bad news is many have not (yet). If you are curious about who is who and exploring more resources about Heartbleed, please visit:
What you need to do:
- We strongly suggest you research websites that are important to you and your privacy using the URL above.
- If the site is still vulnerable, minimize your interaction with it until you have been notified or it has been classified as patched. It is also not a bad idea to keep a close eye on bank statements and similar documents for unusual activity.
- After the website has been patched, we encourage you to change your password. As always, we recommend using different passwords for each site. That way if one of your passwords is compromised a hacker does not have access to your personal information on other websites.
So, in the end, the Heartbleed vulnerability is one situation where chocolate will not help and should therefore be taken seriously. If you have any questions or concerns please contact Tech Support at email@example.com or by calling 570-577-7777.