COLLEGE STATION, Texas - Computer viruses and breaches have become an all-too-familiar sight, but a new virtual thief is lurking that could take what you think you know about internet hacking and turn it upside down.
Known as the Heartbleed Hack, it's not a computer virus, but an error designed into server software and sold to dozens of online merchants in 2011. Since then, the error went unchecked and virtually undetectable, opening up companies to massive data breaches.
"On a scale of one to ten, this would be an eleven," said Professor Riccardo Bettati, a professor at Texas A&M University's Department of Computer Science.
To better understand what Heartbleed is, it helps to know about the "heartbeat," a connection confirmation signal sent between client and server.
It's sort of like a telephone conversation. Since one caller can't see the other, they both depend on audio cues to confirm the signal is still connected.
Ordinarily, a computer sends a short heartbeat message to a server, and the server will copy that message verbatim and send it back.
The average hacker can code a heartbeat message that appears long, but is actually short. When the server copies the message, it has to get data from other parts of the server to match it.
"So the server reads whatever it has in memory and sends it back," said Dr. Bettati. "Normally, there is nothing. But occasionally, there may be a password, there may be an account number or a credit card number."
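An added illustration of the mechanism described above, not code from the affected software: a simplified heartbeat handler in C that trusts the length a message claims, next to one that checks that length against what actually arrived. The memory layout, message bytes, function names and sample secret are all constructed for the example, and the real message format's padding is left out.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for server memory: the request buffer sits next to
   unrelated data, all inside one array so the demo never leaves its bounds. */
#define REQ_AREA 16
#define HDR 3                       /* 1 type byte + 2 length bytes */
static unsigned char server_mem[64];

void load_request(const unsigned char *req, size_t received) {
    memset(server_mem, 0, sizeof server_mem);
    memcpy(server_mem, req, received);
    memcpy(server_mem + REQ_AREA, "password=hunter2", 16); /* constructed secret */
}

static size_t claimed_len(void) {
    return ((size_t)server_mem[1] << 8) | server_mem[2];
}

/* Flawed handler: echoes as many bytes as the message claims to carry. */
size_t echo_trusting(unsigned char *out, size_t cap) {
    size_t n = claimed_len();
    if (n > cap) n = cap;                                   /* demo guard only */
    if (n > sizeof server_mem - HDR) n = sizeof server_mem - HDR;
    memcpy(out, server_mem + HDR, n);
    return n;
}

/* Hardened handler: the claimed length must fit in what actually arrived;
   otherwise the message is dropped without a reply. */
size_t echo_checked(size_t received, unsigned char *out, size_t cap) {
    if (received < HDR) return 0;
    size_t n = claimed_len();
    if (n > received - HDR || n > cap) return 0;
    memcpy(out, server_mem + HDR, n);
    return n;
}

int main(void) {
    /* Constructed message: claims 32 payload bytes, carries 2 ("hi"). */
    const unsigned char req[] = {0x01, 0x00, 0x20, 'h', 'i'};
    unsigned char out[64];
    load_request(req, sizeof req);
    size_t n = echo_trusting(out, sizeof out);
    printf("trusting handler echoed %zu bytes: ", n);
    for (size_t i = 0; i < n; i++) putchar(out[i] >= 32 && out[i] < 127 ? out[i] : '.');
    printf("\nchecked handler echoed %zu bytes\n", echo_checked(sizeof req, out, sizeof out));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length with the number of bytes received, which is the check a patched server performs before replying.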
Attacks are hard to trace, because servers don't keep a log of the heartbeat messages.
The good news is, most online merchants have since upgraded their software, so they are no longer prone to Heartbleed attacks. But since the error has been around since 2011, experts say all servers should be considered compromised.
The best defense is something you've likely heard before.
"Practice good internet hygiene," said Dr. Bettati. "Periodically change your passwords, because you never know."
Bettati recommends writing your passwords down on a sheet of paper and keeping them close by.