Feeds

Study: Users don't much care about Heartbleed hacking dangers

Pew finds the public less interested in flaw than previous incidents

Internet Security Threat Report 2014

Despite dire warnings from security experts and a massive public awareness campaign, users are less aware of the Heartbleed flaw than other recent security threats.

So say researchers with the Pew Research Center. According to a public survey of 1,501 people conducted by the company, less than one fifth feel they are well versed on the dangers of the flaw, and less than 40 per cent have taken action to protect their accounts.

The survey (PDF) polled users on both the level of their awareness on the data-leaking OpenSSL flaw and the steps they have taken to change credentials which may have been harvested by attackers. The study of 1,501 American adults was taken in the midst of the Heartbleed scare between the 23-27 April.

During that time, researchers found that 60 per cent of adults had heard of Heartbleed in some form, though 41 per cent said that they had "a little" information about the flaw and just 19 per cent had heard "a lot" about it.

Additionally, just 39 per cent of those polled said they had taken steps to secure their accounts against attacks by changing passwords or canceling unused accounts.

Those numbers, say researchers, indicate far less interest among the public in Heartbleed than other recent security threats. Pew studies in the past found that events such as the Edward Snowden data leaks drew heavy interest from more than half of all internet users, while other recent current events have caught the public attention at a higher clip than Heartbleed coverage.

"The Heartbleed story registered roughly the same level of public awareness as the U.S.-Iran negotiations and agreement to allow monitoring of Iran’s nuclear program (in November and December 2013) and Catholic Bishops in the U.S. protesting Obama Administration policies they believe restricted religious liberty (July 2012)," Pew wrote in its report on the survey.

While public awareness is lacking, many of the enterprises and service providers most impacted by Heartbleed have been taking major steps to alleviate the danger posed to their systems by the OpenSSL vulnerability.

While the Heartbleed fix has been a challenge for administrators, end users can (and should) reduce their risk with simple steps such as updating software and firmware and changing up passwords. ®

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.