What you really need to know about online security flaws

Heartbleed bug
For the average web user, security vulnerabilities like the Heartbleed Bug don’t mean much. So how can we cut through the noise and understand the importance of these serious vulnerabilities?. File/Getty Images

TORONTO – It’s been a busy year for security experts who dedicate themselves to finding high-risk online security flaws, found deep inside complicated software and coding programs.

In that time period, Global News has reported on many of those flaws – Heartbleed Bug, FREAK security flaw, the Internet Explorer security bug, Poodle bug and Shellshock bug, to name a few.

Each report provides details the vulnerability, explaining – in the easiest way possible – what type of code or software the bug affects and what users can do to protect themselves.

But, for the average web users, these vulnerabilities don’t mean much. So, how can we cut through the noise and understand the importance of these serious vulnerabilities?

Global News spoke with Jeff Schmidt, founder of JAS Global Advisors, which recently discovered the JASBUG security vulnerability, to discuss what web users really need to know.

Story continues below advertisement

Don’t get too bogged down with the details – just remember the importance of software updates

The number one thing web users should take away from these vulnerabilities is the importance of software updates.

“Really the only thing a consumer can do that will help them in these cases is keep up to date on patches – that’s really the most important take away,” said Schmidt.

Once a vulnerability is discovered it’s up to developers and manufacturers to patch the software. Once a patch is deployed, it’s up to the user to install it.

READ MORE: Beginner’s guide to protecting your information online

Take, for example, the recently discovered FREAK bug – which would have allowed hackers to spy on Android and Apple users by breaking the secure connection between their device’s web browser and websites.

Apple patched the issue in its iOS 8.2 update – released March 10. But it’s up to the user to update their device to deploy the patch.

However, some desktop operating systems, including Apple’s OS X and Windows, will automatically install important security updates.

It’s important to note that depending on the nature of the bug, experts may recommend taking additional steps to protect your personal data – like changing your passwords for services that may have been affected by the bug.

Story continues below advertisement

It’s not always as simple as installing a software update on your computer

“Unfortunately, lots of things need patches and not all of those things are nicely packaged,” said Schmidt, referring to those operating systems that prompt users to install important security patches.

“A big exposure is things like home routers or printers – those need updates all the time, [they have] lots of vulnerabilities. But there isn’t anything that tells us those things need updates.”

Schmidt suggests that users log into their router’s web interface every once in a while to check for firmware updates – however, this process is typically reserved for more advanced users.

How-to site “How to Geek” has a step-by-step guide to accessing your router’s web interface, for those who want to try.

To update the firmware on your printer, go to the website of your printer’s manufacturer and type in the model number along with “firmware.” The most recent firmware update should show up in the search results. Follow the instructions on the website to install the firmware.

That being said – don’t worry too much about hackers attacking your home network.

“The reality of home consumer level types of crime are low – they are crimes of opportunities. No one is going after the average person’s router,” he added. “They aren’t likely going to attack you – but if they trip over you it might happen.”

Tweet This
Story continues below advertisement