Heartbleed still matters, and we're all partly to blame

Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack

Two months on, the Heartbleed vulnerability is still worth talking about. One thing that needs to be discussed is that you and I are partly to blame for the problems Heartbleed caused. But we can also talk about some common-sense ways we can help protect ourselves in the future.

In order to truly understand Heartbleed, let us first define what a vulnerability is, according to the Information Systems Audit and Control Association (ISACA). ISACA defines vulnerability as "a weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events." In people terms, it is essentially a weakness in some process that could lead to bad things happening. Follow? Great!

Next, what is Heartbleed? On April 7, a vulnerability was identified in some implementations of the Secure Sockets Layer (SSL) protocol, called OpenSSL. An SSL protocol establishes an encrypted link between a Web server and your Internet browser. Not only does SSL encrypt your online communications, protecting your username and password, but it also helps ensure that you are connecting to legitimate websites.

So why should you care about Heartbleed? First of all, the name alone is enough to strike fear into the hearts of luddites and technophiles alike. It's terrifying, frankly. I shiver just typing the word, and I am clutching my chest as I write this. True story.

To the everyday Internet user, the Heartbleed vulnerability can allow a hacker to connect to a Web server and steal sensitive information, which may include your user ID and password. Hackers can then attempt to use that information to log into other accounts using the same user ID and password. Fortunately for you, you don't use the Internet that often. Oh, you do? That's OK; you have a secure and different user ID and password for each website you log into, right? No? Let's revisit this a little later.

Stop leaving your keys in the door

To continue reading this article register now

  
Shop Tech Products at Amazon