Putting the record straight about the Heartbleed bug – what you should know

By | April 15, 2014
This content is 7 years old. Please, read this page keeping its age in mind. Thank you.

It’s a long issue this time – there are two important things you should know about so I put aside everything I had thought I might write about and covered this important news instead…

Putting the record straight about the Heartbleed bug…
You might have heard the news about the recent Heartbleed bug. And every news story I’ve heard seems very clear about what you should do about it.

The only problem is they don’t all say the same thing! In fact some say quite contradictory things.

But one thing they all get right – it is potentially extremely important, if you use your computer for things like buying online or anything involving credit cards or banking.

So what is going on?
Some websites (quite a lot in fact) use a bit of software called OpenSSL, which keeps your card details, password or whatever secure when you use them to log in or buy something online. It’s one of the types of software that makes the web address start with https instead of just http and makes a little padlock appear next to the web address.

But it turns out there’s a bug – and it means that a hacker who knew about the bug could get through it to get at your details.

It’s not a new bug, it’s been there for about 2 years. But it’s only just been discovered and made public.

Of course it’s possible that scammers have known about it for a while – but as far as I can tell, there’s no evidence that it’s actually been used.

Of course, now it’s public, all the evil scammers will be rushing to make use of it. But when it was discovered, the big companies whose websites were at risk were warned before it was made public, so they had time to fix it first.

It is pretty serious – but not all websites will be affected and many will have been fixed before it was made public.

So what should you do?
Some people are saying you should rush out and change your passwords straight away. Well, it won’t do any harm, but it’s not necessarily the best answer. First of all, not all websites use Open SSL, so there’s no point in changing passwords on those websites.

Secondly, not all websites are fixed. If you change your password on one that isn’t fixed yet, the scammers will just be able to get your new password. So you need to change it after the website is fixed. (Though there’s nothing to stop you changing it now and then changing it again after it’s fixed.)

Most of the popular websites have already been fixed, so on any of those that were affected, it’s best to change your password now.
If you use a smaller website that uses a password, then it’s best to check. You can go to https://filippo.io/Heartbleed/ and type in the website address to see if it’s currently ok. Or just email the company concerned (many will have it listed on their website anyway).

Incidentally, nothing from the Helpful Book Company was affected.

Some sites that were affected and you should change your password:

  • Facebook
  • Google (if you have a password and log in to use any of their services)
  • Yahoo
  • Dropbox
  • Pinterest
  • Tumblr

In general, to change your password, you log in as normal, then look for “options”, “account” or “your details” – click on that (or something like it and you should get an option to change your password).

Some sites that weren’t affected so you don’t need to bother:

  • Apple
  • Hotmail or Outlook Online
  • Twitter
  • Linked in
  • Amazon
  • PayPal
  • Gov.uk
  • As far as I can tell, no UK banks were affected. Definitely the following are fine: HSBC, Lloyds TSB, Barclays, Co-op, RBS/NatWest

Of course, if there’s a website you’re not sure about, there’s never any harm in changing your password.

Windows 8.1 update one
The other big news recently is that there’s a new update to Windows 8.1 out. I know, it isn’t that long since Microsoft brought out Windows 8.1 – but they’ve been busy.

This update is only if you already have Windows 8.1 on your PC, laptop or tablet. If you have Windows 8, you can update to Windows 8.1 (free) and then get this update, but you don’t have to.

If you have Windows 8.1, though, this is more or less a compulsory update, as Microsoft won’t give you any further updates (including important security ones) unless you get this one.

A lot of PCs will be set up to automatically get it anyway, so it might happen without you having to do anything. If not, there’s information about how to get it manually here: http://windows.microsoft.com/en-us/windows-8/install-latest-update-windows-8-1

If you’re not sure whether you’ve got it or not, the easiest way is to check on the main start screen, the one with the rectangular “tiles” on. If there’s a magnifying glass near the top right, you’ve got it. If not, you haven’t.

There have been cases of people having trouble with updating and my advice generally with something like this is to wait a week or two to make sure any bugs are sorted!

So what’s new:
If you have a laptop or desktop PC, it’ll probably now start up in the desktop view, instead of the start screen with the tiles. If you have a tablet, this won’t change.
If you point the mouse at the bottom of the screen while running an app, you’ll get a taskbar, like in older versions of Windows, showing all the different things you’ve got running. You can click on one down there to switch to it.
If you point the mouse at the top while an app is running, you’ll get a short bar with buttons to close the app and do a few other things on – a bit like the bars at the tops of programs in older versions of Windows.
There are a couple of other tweaks, too, but those seem to be the most important ones to me.

By and large, they seem like good changes – making it a little easier to use and a little bit easier if you’re moving from an older version of Windows (good timing for anyone who used to have Windows XP and is getting a new PC).

Inner Circle News Coming Soon…
Well, I’ll also shortly have some news about the Inner Circle – the group I run with lots of computer help for people, with articles, videos, ebooks and questions answered… It’s good news for members and also for anyone who might think about joining, but I’m not quite ready to announce it yet… and after this long issue,it’s best to leave it to another time anyway! But watch this space…