What to do About Heartbleed
April 24, 2014
Heartbleed. You’ve heard about it on the internet, but you’re not sure if it’s computer virus or a scary physical condition. Well, it is a bug on the internet, a very sinister one; and it can affect your private information on sites that are normally considered very secure.
What is it?
Basically, the Heartbleed Bug exposes a vulnerability in OpenSSL encryption, and steals protected information online. Any website secured by SSL is open to an attack if it has not created a patch specifically for Heartbleed. You can tell if a site uses SSL by indicators within your browser; if the URL starts with https or displays a lock icon, it is SSL secured. The Heartbleed Bug can access and expose any of your private information on any of these sites, including your usernames and passwords, and even payment information. You need to check the sites where you have accounts to verify the threat level before you continue using their services.
How to Protect Yourself
One of the first things to do is check to see if the site or app you’re using has released a patch or update to fix the vulnerability. The site may have made a public statement, sent you an email, or asked you to update to a newly secured version.
Once the site has secured itself, you need to reset the password on your account/username.
CNN provides a comprehensive list of services where your passwords should be changed, as well as a list of services where passwords are safe to stay the same. Repeat these steps to make sure the site has patched security holes and then change your password for each site on the list that you use. If the site has fixed its Heartbleed vulnerabilities and you’ve made a new password, your personal information will be safe from Heartbleed threats.