If your heart skipped a beat when you heard about the latest major online security threat, a bug called Heartbleed, calm down. It's not worth having a heart attack over.
But you can't dismiss Heartbleed, either. You likely will have to change some account passwords to protect yourself.
"It's safe to say this is the most serious security vulnerability that's ever been on the Internet," said Daniel Lopresti, professor and chairman of the computer science and engineering department at Lehigh University.
That said, there haven't been tons of confirmed breaches, as exposed websites have been plugging the hole. But the true impact of Heartbleed likely won't be known for some time, which is why you need to stay aware.
If you're not into technology, you may have heard about Heartbleed but not know much about it. Here's the layman's version.
It is a flaw in encryption software called OpenSSL that is used by some websites and computer hardware to secure information. The flaw was caused by an error in one line of computer code written about two years ago.
"It's like an enormous building fell over because there's one little screw broken," Lopresti said.
Someone can exploit the flaw and repeatedly dip into information stored on unprotected servers by manipulating the connection that keeps two computers in communication. The connection is known as the heartbeat, hence the name Heartbleed.
"It's kind of like panning for gold," Lopresti told me. "You pick up a lot of dirt, and every once in a while there's some gold in there."
What's scary, he said, is that hackers don't have to be sophisticated to exploit the flaw, which can expose what are considered a website's crown jewels: the encryption keys that protect online communication.
"In a compromised system, every single thing you wouldn't want exposed is potentially wide open," Lopresti said.
The problem was announced publicly last week. If you're looking for a more technical explanation, go to http://heartbleed.com.
The first accounts of breaches attributed to Heartbleed came this week. The Canada Revenue Agency said the personal information of about 900 taxpayers was stolen. A British parenting magazine also has confirmed that its systems were compromised.
While it's important that you be aware of what is going on, you can only do so much about Heartbleed. We're at the mercy of the technology world to make sure websites are secure. All we can do is change our passwords and hope for the best. And monitor our accounts for trouble in case any of our information bled out.
The tricky part is determining whether the websites we use were vulnerable, and if they've been fixed. The same goes for the hardware we use to connect our computers to cyberspace.
Computer experts say that once you know an affected website has been fixed, you should change your password. If you don't, hackers who may have stolen your password while the hole was open still could access your account.
You're probably most concerned about your online banking and other financial transactions. So is the Federal Deposit Insurance Corp., which last week issued an alert saying it "expects financial institutions to upgrade vulnerable systems as soon as possible."
But the American Bankers Association told me that banks shouldn't be vulnerable.
Doug Johnson, vice president of risk management policy, said even if banks were using the flawed version of the technology, they have other protections in place that go beyond what other websites such as retailers typically use.
I checked with a few banks such as Wells Fargo, Bank of America and Santander. They told me their systems were not exposed and customers were not affected.
It can be painstaking to check every website you share your information with. Thankfully, several technology sites are compiling running lists of which ones were affected. Those sites include Mashable (http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/) and CNET (http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/).
I checked with a few major websites. Here's what their spokespeople told me:
Facebook: "We haven't detected any signs of suspicious account activity that would suggest a specific action, but we encourage people to take this opportunity to follow good practices and set up a unique password for your Facebook account that you don't use on other sites."
Netflix: "We took immediate action to assess the vulnerability and address it. We are not aware of any customer impact. It's a good practice to change passwords from time to time, and now would be a good time to think about doing so."
Google: "We fixed this bug early and Google users do not need to change their passwords."
Go to the company websites for a list of the affected equipment and contact them if you have questions.
"We work with customers running vulnerable products very closely to ensure they take the appropriate steps we have identified and deploy any necessary updates or mitigations in a timely manner," Juniper spokeswoman Cindy Ta told me.
Even if the websites and computer hardware you use were not at risk, you still could be in danger of having your information stolen through "phishing" attacks that exploit fears about Heartbleed.
That happens when crooks send fake emails that pretend to come from your bank or other business saying there is a problem with your account. You'll be asked to log in, click on a link or update your information. Any information you provide will be stolen.
If there's a silver lining in this cloud, it's that people will be changing passwords they should have changed months or maybe years ago. You should change your passwords periodically as a precaution. Use combinations of small letters, capital letters, numbers and symbols so your passwords are hard to guess.
Don't use the same password and user ID for multiple accounts. If one gets compromised, a clever thief may try that combination on other popular sites, too.
The Watchdog is published Thursdays and Sundays. Contact me at firstname.lastname@example.org, 610-841-2364 or The Morning Call, 101 N. Sixth St., Allentown, PA, 18101. I'm on Twitter @mcwatchdog and Facebook at Morning Call Watchdog.
Copyright © 2014, The Baltimore Sun