Heartbleed 101
Heard of heartbleed? No it’s not a new not-for-profit, but its definitely something not-for-profits should pay attention to. Heartbleed is being called one of the biggest threats to internet security so far, so what does it mean for your organisation?
Heartbleed is the name of a flaw found in the extremely common security layer OpenSSL, which is an open-source project maintained by a small group of developers. OpenSSL is the most popular TSL’s (Transport system layer) and is designed to make websites trustworthy and recognisable to consumers and protect their privacy and transactions.
A flaw in this system – heartbleed- now means that sensitive information can be easily exposed to those that go looking for it.
What can you do to protect yourself?
As an individual it’s simple – change your passwords. You may have started to receive notifications from internet giants asking you to change your passwords. For a full list of websites that have been compromised click here.
As a leader of an organisation, your IT department will need to update to the new version of OpenSSL, which is a fairly straight forward process. However, your organisation may not be using OpenSSL. If your organisation is too small to warrant an IT department, check if security has been breached with your web host or third parties you are collecting donor information through.
So why did heartbleed make headlines?
Heartbleed is considerd one of the biggest threats to internet security because it affected so many websites. According to mashable, secure websites with “https” in the URL (“s” stands for secure) make up 56% of websites, and nearly half of those sites were vulnerable to the bug.
Brands like Google and Facebook knew of heartbleed before the public announcement on April 7 but many brands like Amazon, Twitter and Yahoo were none the wiser. It was also worrying for many tech leaders because it was impossible to tell if security had or has been breached. All that was clear was that the bug existed.
So who is behind heartbleed?
Source is unknown, however initial arrests have been made for those taking advantage of the breach.
What is known is who found it. Neel Mehta of Google security discovered heartbleed around March 21st. Since then, Facebook and Microsoft donate $US15,000 to Neel via the Internet Bug Bounty program. Mehta chose to gives the funds to the Freedom of the Press Foundation.