Heartbleed bug: 'Your primary defense is changing your password'

Heartbleed bug: 'Your primary defense is changing your password'

BOISE, Idaho (KBOI)  - A serious security software flaw could leave your personal information exposed to anyone on the Internet.

Heartbleed is a bug found in software called OpenSSL. Experts say this software is used by 2/3 of web servers worldwide. It's in place to protect your privacy online, but instead it has essentially been exposing your personal information to anyone who wants to see it.

One local expert says this risk is serious, but not something to panic about. Doug Ooley lives and breathes technology as an information security officer at Boise State University, but even he admits it's hard to explain what Heartbleed is all about.

"We're dealing with cryptography really, so this really is kind of rocket science," Ooley said.

Because the software is so widely used, there's a good chance your information could be at risk.

"If your not concerned about it then you're living on another planet," Jane Paras said, who is visiting Boise.

But other say they aren't worried about the security slip.

"Who would want to read my email or look at my facebook? They can do that anyway," Boise resident Chris Blanchard said. "I don't know what they want out of my stuff, but I'm protecting myself anyway."

Ooley said your user name and password are more vulnerable than credit card information and other personal data. Plus, he said it's harder than it looks for someone to get their hands on that information.

"They'd have to be monitoring the site the whole time to take very small sections of memory and piece them together," he said.

The bad news about Heartbleed is that you may never know if your information was targeted. The good news is that software experts are developing a fix for the bug, and many websites are already using the patch.

All you can really do, Ooley said, is play good defense going forward.

"Your primary defense is changing your password after the patch has been applied," he said. "I think there's reason to be vigilant but that's true with almost all of our information security needs in today's environment."

Experts say you should also keep tabs on your bank account, and check to make sure the websites you use on a regular basis are secure. To do that, click here.