Heartbleed FAQ

Heartbleed logo

Recently, the security vulnerability CVE-2014-0160 was discovered, nicknamed Heartbleed. Because of several inquiries we decided to answer some Frequently Asked Questions:

What is Heartbleed?

Heartbleed, or CVE-2014-0160, is a security vulnerability which allows an attacker access to private data stored on servers which run certain versions of OpenSSL. This means that your sensitive data – usernames, passwords, and even credit card information – could be at risk. The bug can allow a hacker to pull data directly from the server’s working memory. Although the attacker has no way of knowing if any of the data they grab is useable, since they can exploit Heartbleed over and over there is a high chance that they will eventually get the sensitive data they are looking for.

What is OpenSSL?

OpenSSL is an open-source encryption technology which is very widely used across the World Wide Web. Encryption is a process of encoding information in such a way that only the authorized parties can read it.

How long has Heartbleed been around?

This security vulnerability was first introduced into the OpenSSL software in March 2012, but was only recently discovered by security companies. It is unknown whether or not hackers had exploited CVE-2014-0160 before it was made public.

What can I do to protect myself? Can SUPERAntiSpyware protect me?

Your first instinct may be to change all your passwords. This is definitely a good idea, but first you should contact the Web site operator to ensure that the Heartbleed bug has been patched. If the site has not yet fixed the bug, changing your password would be futile since an attacker could just exploit the breach again and steal your new password.

If you are unable to contact the Web site operator, there are ways to tell if a particular site is vulnerable. LastPass and Qualys have created tools which will give you information about whether or not a site has been affected by Heartbleed. Also, CNET has compiled a list of the top 100 Web sites and whether or not the Heartbleed bug has been patched.

Because Heartbleed is a security flaw and not any type of malware (virus, worm, Trojan horse, etc…), anti-malware programs such as SUPERAntiSpyware cannot protect your information. That ability lies solely with the operator of the Web site.

How do I know if my information has been stolen?

Unfortunately, exploiting this vulnerability does not leave traces of any abnormal activities, and therefore there is no way to know if your information has been stolen.

I use online banking – is my bank account at risk?

Most major banks do not use OpenSSL and use their own proprietary encryption software. That being said, if you do any of your banking online it would be a good idea to change your password and contact the bank directly to confirm that their site is secure. It would also be prudent to keep an eye out for anomalous charges on your financial statements. Until you are completely sure that your banking Web site is secure, it would be advisable to avoid doing any online banking.

I did my taxes online – is my tax information safe?

A recent post by the IRS stated that their systems are not affected by the Heartbleed bug and they will continue to accept tax returns as normal.

 

If you have any questions related to Heartbleed, feel free to share them with us on our Facebook® Page or simply leave a comment below.

Share

Everything You Need To Know About Rogue Security Software

​​rogue vs real

When it comes to spreading malware and swindling money from the victims, cybercriminals have many ways to achieve their malicious goals. In recent years, cybercriminals have become increasingly inventive in terms of writing, designing, and distributing malware. In one of our previous blog posts, we discussed about ransomware and how it is being used by cybercriminals to extort money from its victims. In this blog post, we’ll discuss about a new type of malware called ‘Rogue security software’, which closely resembles ransomware, but follows a little different approach to attack its victims. 

Read more…

Share

Why Bother With Software Updates?

Software Updates

What do you do when you see those little icons and pop-up messages that appear in the system tray, indicating there is a new software update available for you to download and install?  Most people find such notifications and the process of installing new software updates insignificant and disrupting. The truth is, people ignore such notifications for various reasons, such as, ‘Do I really need to install this update?’, ‘My computer is working just fine, I don’t think this update is for me!’, ‘I don’t have time to reboot my computer’, etc. If you are accustomed to dismissing those update notifications, you need to reconsider that practice. Applying software updates is one of the most important things you can do with your computer. In fact, if you don’t do it, you’re very likely going to get some kind of malware in your system and even get hijacked.

Read more…

Share

All You Need To Know About Ransomware

Ransomware

The modern malware landscape is huge, and it’s growing more and more sophisticated every day. In one of our previous blog posts, we discussed the different types of malware, their infection mechanisms and how they act within a system. Currently, there is one category of malware that is becoming increasingly more popular called “ransomware.” In this blog post, we will discuss what ransomware is and what strategies and techniques are used in creating and propagating this latest trend in internet crime.

Read more…

Share

6 Common Myths and Misconceptions About Malware

Malware Myths and Misconceptions

Over the past few decades, computer security has become an important concern among users. Security vendors have faced tremendous challenges dealing with complex security threats with IT experts placing more effort on educating people. Nevertheless, there are many computer security myths that exist today and surprisingly, many people still believe them. In this blog post, we'll reveal a few of the most common malware myths and the misconceptions that can put you at risk.

Read more…

Share