Heartbleed is a bug that has been around for two years, but did not surface until this past Monday. What the bug is is a flaw in security protocols. It allows hackers to infiltrate profiles and receive sensitive information that you would think would be super secure. As far as I know, the media has told everyone to change their passwords quickly. Unfortunately, you should be doing the complete opposite. Do not change any passwords. In fact, you probably shouldn't even be visiting the sites that are at risk. (ex. Facebook, Etsy, goDaddy, etc.) NOTE: Heartbleed is not a virus. It is not out to get you. It is simply a huge flaw in "secure" transferring databases, such as OpenSSL. I just wanted to make that clear before I continue.
It has been said by some people in the NSA that they have actually known about the bug two years ago when it first sprang up. They say that have been working to patch it up, but it's really up to OpenSSL. So you can guess where my first conspiracy will come from. The NSA is behind the whole thing and they are telling people to change their passwords to make them more vulnerable. I mean think about it, just a little while ago, we were getting mad at Obama and the NSA for spying on us with our cell phones and what not. They have been doing it all along. Heartbleed helped them out with that.
I have another theory that isn't as cool, unless they made it into a movie with the perspective of the person I'm about to talk about. There is a person working for OpenSSL and they were like a double agent and a super hacker. He works with an underground hacker society and infiltrated OpenSSL. He and his little hacker friends purposely thought up this flaw, Heartbleed and implemented it into OpenSSL. I bet that person is still working there too just laughing on the inside. Ha.
My last conspiracy (for now) is that Pinterest is behind this... What?! Why Pinterest? Well think about it, how many people this week got an email from ONLY Pinterest telling them to change their password. They were the only site to send out an email as far as I know. I don't know how they could be behind it, but it's possible. Think of how many websites are connected to them! Then again, I did not look at (or click on) the link in the email. So it could have been a phishing attack. But I wouldn't know. (Remember, this is an opinionated blog.)
It's strongly recommended that you avoid these affected sites until it is confirmed that they have been patched. It kind of sucks that they tell us to not change the passwords until after the fact. But I think we will all be safe... today. Tomorrow, probably not. It was unknown for two years and there weren't any hackers trying to steal information because they didn't know about it. Now that it has surfaced and is mainstream, hackers will be all over that. Not trying to scare you, but I am trying to warn you. Don't change your passwords. Hackers can smell fear and paranoia.
Be safe.
Until next time,
God Bless Y'all and God Bless America!!!
-Rachael
