Personal Information at High Risk with Heartbleed

COLLEGE STATION, Texas - Computer viruses and breaches have become an all too familiar sight, but a new virtual thief is lurking that could take what you think you know about internet hacking and turn it upside down.

Known as the Heartbleed Hack, it's not a computer virus, but an error designed into server software and sold to dozens of online merchants in 2011. Since then, the error went unchecked and virtually undetectable, opening up companies to massive data breaches.

"On a scale of one to ten, this would be an eleven," said Riccardo Bettati, a professor at Texas A&M University's Department of Computer Science.

To better understand what Heartbleed is, it helps to know about the "heartbeat," a connection confirmation signal sent between client and server.

It's sort of like a telephone conversation. Since one caller can't see the other, they both depend on audio cues to confirm the signal is still connected.

Ordinarily, a computer sends a short heartbeat message to a server, and the server will copy that message verbatim and send it back.

The average hacker can code a heartbeat message that appears long, but is actually short. When the server copies the message, it has to get data from other parts of the server to match it.

"So the server reads whatever it has in memory and sends it back," said Dr. Bettati. "Normally, there is nothing. But occasionally, there may be a password, there may be an account number or a credit card number."

Attacks are hard to trace, because servers don't keep a log of the heartbeat messages.
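The two points above, the missing length check and the lack of any log entry, can be shown in a few lines of C. This is an added example, not code from the article or from the affected software; the record layout is simplified, and the names `hb_build_reply` and `hb_overclaim_count` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified heartbeat record, constructed for this example:
 *   byte 0     type (1 = request, 2 = response)
 *   bytes 1-2  payload length claimed by the sender, big-endian
 *   bytes 3..  payload (real TLS also appends padding, omitted here)
 */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3 };
enum { HB_MALFORMED = 0, HB_OVERCLAIM = -1 };

/* Hypothetical counter a server could export to its logs or metrics. */
static unsigned long hb_overclaim_count = 0;

/* Build the echo reply for one request.
 * rec/rec_len: the bytes that actually arrived.
 * Returns the reply length, HB_MALFORMED, or HB_OVERCLAIM. */
int hb_build_reply(const uint8_t *rec, size_t rec_len,
                   uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < (size_t)HB_HEADER)
        return HB_MALFORMED;
    if (rec[0] != HB_REQUEST)
        return HB_MALFORMED;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t received = rec_len - (size_t)HB_HEADER;

    /* The check missing from the flawed code: never trust the
     * sender's length field beyond what was really received. */
    if (claimed > received) {
        hb_overclaim_count++;   /* leave a trace instead of replying */
        return HB_OVERCLAIM;
    }
    if (claimed + (size_t)HB_HEADER > out_cap)
        return HB_MALFORMED;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    return (int)(claimed + (size_t)HB_HEADER);
}
```

A request whose claimed length matches its payload is echoed back; one that claims more than it sent gets no reply and increments the counter, which gives operators the record that the unpatched servers never kept.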

The good news is, most online merchants have since upgraded their software, so they are no longer prone to Heartbleed attacks. But since the error has been around since 2011, experts say all servers should be considered compromised.

The best defense is something you've likely heard before.

"Practice good internet hygiene," said Dr. Bettati. "Periodically change your passwords, because you never know."

Bettati recommends writing your passwords down on a sheet of paper and keeping them close by.


KBTX-TV Channel 3 4141 E. 29th Street Bryan, TX 77802 Phone: (979) 846-7777 Fax: (979) 846-1490 News Fax: (979) 846-1888
Gray Television, Inc. - Copyright © 2002-2014