Heartbleed Bug Rumors: OpenSSL Vulnerability Myths And Other Conspiracy Theories Debunked
Heartbleed bug rumors have run rampant for a while now, and while it does threaten your general privacy, the OpenSSL vulnerability has also gained a following of conspiracy theories. Technical news sites everywhere have told you that it may be time to change your passwords, though it remains to be seen if that solution will really fully fix anything yet.
After all, Heartbleed affects servers as much as your device. Changing passwords will only confuse the exploit where hackers might have access, but until OpenSSL is proven secure again, the risk is still there. Apple and Windows Phone users will be happy to know that their devices don’t use OpenSSL and the risk is minimized for them.
One myth which may or may not be believed is that the NSA is using the Heartbleed bug to spy on us. They have flatly denied doing so, but they are notorious for being as trustworthy as a rubber nail. They may be only telling us what we want to hear and hiding the truth. It would not be the first time.
Another one of the Heartbleed bug rumors is that it’s a virus. It is not a virus; it is more like a hole in security. A virus is defined as a program which runs on its own without the user’s permission. Adware and malware are the most common forms of viruses, usually installed alongside that bit torrent you probably didn’t scan before you ran it. Think of the OpenSSL vulnerability more like a secret back entrance into a gated community. Viruses would be more like people and cars using it to get in, not the entrance itself.
None of Microsoft’s software uses OpenSSL, so the recent cutoff of Windows XP updates doesn’t make it an easier target. You should probably still upgrade to Windows 7 just to be safe, though. Major retailers and banks have stated that they don’t use it either.
Yet another Heartbleed bug rumor is that if your vulnerable device was just patched through a firmware update, it’s now safe. Your account isn’t always stored on the device or website you think it is. There may very well be a separate server involved that’s still very much at risk. It is best to wait until you know everything has been patched before you make any changes at all, and keep an eye on your credit or bank accounts to make sure.
Excellent debunking of the “many eyes” Open Source myth in wake of Heartbleed by @lseltzer http://t.co/TEBbSsdQeL
— Jason Perlow (@jperlow) April 14, 2014
Your phone cannot be used remotely just because it has the OpenSSL vulnerability. The Heartbleed bug doesn’t hand others control, it only allows information stored there to be stolen. Use “airplane mode” when you’re not using the signal to minimize the chances of anything getting taken, as well as to save battery life.
Everyone who uses the Internet for anything personal could be at risk, but that has been the story for years now. Remember that if you change your passwords often enough, you’re making it difficult for hackers to access your account. Heartbleed bug rumors or not, changing your passwords often is always recommended.