There has been a lot of information in the media during the past week about the Heartbleed bug. This is a very brief explanation about what the Heartbleed bug is, how it affects you, and what you need to do about it.

First, here is a cartoon that explains it well: http://xkcd.com/1354/

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by vulnerable versions of the OpenSSL software.
This software is used to encrypt the traffic between two computers (for example, your computer and the online banking system that you use).

The technical explanation is as follows: the bug compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users, and (potentially) to impersonate services and users.

The bug has been patched, and major service providers such as banks and website hosting services have now mostly updated their systems. After these systems have been patched, you will need to change every password that could potentially be affected.

Here is a great article that explains how you can check whether a website has been patched, and what you can do to protect your information:
http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/

My advice is to change the most important passwords (e.g. those of your banking system) as soon as possible. Please feel free to contact me if you have any questions or need additional information.

Joe Hoonhout, IT Solutions Ltd
Phone: +64 21 924877 Email: joe@itsolutions.co.nz   Website: www.itsolutions.co.nz