WWMT - wwmt.com - Search Results

The following is an archived video story. The text content of that video story is available below for reference. The original video has been deleted and is no longer available.

Looking into the Heartbleed bug

(NEWSCHANNEL 3) - A computer bug is affecting the way data is encrypted on websites and could be making it easier for hackers to steal your personal information.

Security experts say if you have major banking to take care of, do it in person or over the phone, adding that the bug, known as 'Heartbleed' is a major concern for all Internet users.

Newschannel 3 spoke to a local expert Thursday night to break down exactly how the bug works and how you can stay safe from those who might go after your personal information.

Dr. John Kapenga, of Western Michigan University's computer sciences department broke down the Heartbleed bug for Newschannel 3.

In short, it's a hacker's dream, with millions of Internet users at risk of having their personal information compromised.

"It might contain your passwords, encryption keys, it might contain security keys for the system itself, that will allow people to log on and take control of the system even," Kapenga said.

He calls it dramatic, and a major concern: a simple coding mistake that's been around for years on the majority of websites.

Most servers use OpenSSL--an encryption tool with a major security issue.

"These things are created by humans, and humans have errors--errors in thoughts," Kapenga said.

A quick breakdown of what happens: the computer's 'heartbeat' sends bytes of information and is put in memory on the server, and then sends the information back.

The issue is that the bug sends back a lot more information than intended, thus the name Heartbleed.

Ultimately, no one really knows how much information has been leaked out. Not everyone's password was grabbed, but there's a chance; and there's no way of knowing who is at risk.

So for now, you're urged to change your password at any and all sites where you use one.

"And then what you want to do is wait a few days to give everyone a chance to patch their things to make sure they are patched and then change your password again," Kapenga said.

Sites like Facebook, Instagram, Twitter, Google, Yahoo, and GMail say they have already made security fixes or patches.

Most banking sites--like Bank of America, Chase, Citi Group, Wells Fargo and others--say they weren't affected because they don't use OpenSSL.

To see for yourself which sites were affected or were not affected, and which sites have patched, and most importantly which sites recommend you change your password, click here.