
What the hell is going on with Heartbleed, explained

The super bug has sent computer users scrambling to protect their safety – but what do you actually need to do?

Does anyone remember the Millennium Bug? Y2K was the cause of the worst New Year's Eve ever – and not because anything bad happened. We sat with relatives waiting for the world to explode and then when midnight turned to 00.01am, we breathed a collective sigh of relief, carried on playing charades and wished that the world had actually ended. In fact, the impact was so minor that the malfunction of bus-ticket machines in Australia makes it onto the list of reported problems caused by Y2K.

But 14 years on, something very different has turned up. It's being called the most potent security threat that the world has ever seen. It's ugly and it doesn't care about your safety. This spring, coming to a laptop near you, is Heartbleed.

Found by a member of Google's security team, Heartbleed has gone undetected for two years. The issue concerns OpenSSL, an encryption service that over fifty percent of websites use. If you've accessed any affected sites over the past two years, then your personal information could be fair game to cyber-criminals.

OK, scaremongering rhetoric out of the way – what do you actually need to do to make sure that Heartbleed doesn't ruin your life?

First of all, visit LastPass. Here you can enter any site that you regularly frequent or entrust with your information, and LastPass will let you know if you're at risk. They say, "LastPass will not only alert you to which sites are vulnerable, but also tell you the last time you updated your password for the site, when that site last updated their certificates and what action we recommend taking at this time."

Change all of your passwords anyway. Getting into the habit of changing passwords regularly is no bad thing. Avoid any words that directly relate to your life – a complex code of numbers and letters is preferable, or hieroglyphics if you can. However, before you change a password, establish that the site has given the all clear to do so. Changing a password before the bug has been fixed won't rectify the problem.

Over the next couple of weeks, sharpen your focus on any personal information that you have online – banking, email, social networks. Watch out for emails that look phony, or phishy (I actually got one of these) and don't open them if you're not sure.

But don't worry too much. There is actually nothing to suggest that hackers picked up on the bug – it was after all researchers who discovered the issue. This is merely precautionary, but given the size of the flaw, it's recommended that you take the necessary steps to remain safe.

Speculation has mounted over the last two days that everybody's least favourite spying organisation, the NSA, may have used Heartbleed to spy even more than they already have, and gamers have used it to frag Call Of Duty. If you missed our last round-up of a crypto-cultural phenomenon, then read our Bitcoin piece here.