Are you affected by the Heartbleed Bug?
The recent Heartbleed bug has been dubbed the biggest security threat the internet has seen. The vulnerability affected a huge number of popular and well-known websites and a large proportion of users ran the risk of having their sensitive account information exposed. Perhaps the most worrying thing is the fact that the Heartbleed bug has been quietly thieving in the background for the past two years.
You’re likely to be directly or indirectly affected by Heartbleed. The bad news for internet denizens is that there is very little they can do themselves. It’s the responsibility of internet companies to upgrade servers and security protocols to combat this insidious threat. Once those companies have done that, however, you’ll have the opportunity to take action.
Introducing the Heartbleed Bug
Effectively, the issue involves security certificates and encryption software called OpenSSL. This is an open-source set of libraries that serve to encrypt online services and make websites ‘secure’. The S in the HTTPS part of a URL stands for secure, and this solution is used by 56% of websites. Worryingly, the Heartbleed bug affected half of that number and, in theory, a cybercriminal could exploit networks by making requests that target users’ sensitive data.
Funnily enough, however, there hasn’t been any indication that hackers managed to exploit this before researchers at Google located the problem. So, the Heartbleed bug didn’t quite manifest in its worst possible instance; however, it could have. The scariest part is that hackers could have infiltrated a number of big-name websites and extracted any information they wanted.
However, there hasn’t always been clear information on which sites were affected by the bug. Further to this, as the vulnerability also affects network hardware such as routers, vendors too are on the clean-up case. That’s still the case, unfortunately, but let’s have a look at some things you could do to avoid further data loss and retain your privacy online.
Plan of attack
If you fear that you’ve been targeted and want to check, there’s a handy online tool that can help. It’s called the Heartbleed Checker and it lets you enter the URL of any website to ascertain whether it’s vulnerable to the bug and whether or not the site has issued a security patch. Mashable has also provided a list of websites that were affected. Information is key here and it’s worth knowing if your details have been exposed in order for you to take the necessary steps to protect your information.
Users that discover their sites or sites that they use listed should immediately change passwords, especially for major accounts. Email, banking, and social media logins are all vulnerable and you should make sure that you have new secure passwords. Make sure that the site itself has reissued digital certificates that might be vulnerable, because if it hasn’t, changing your password won’t do much good.
The main cause for concern is websites that have sensitive user information on them. Big social media sites and dating websites were all exposed, but the good news is that most of those sites have released patches and updates – users should go and change passwords right now.
Make sure that your favourite websites have updated their servers and negated the dangers of the Heartbleed bug before changing passwords. This is especially true now that the bug has been named. Changing a password on an insecure site is completely counterintuitive and ultimately pointless.
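The order of steps described above (server patched, certificate reissued, only then a new password) can be checked mechanically. The following is an added example, not part of the original article: the patched flag stands in for a Heartbleed Checker result, the site names and certificate dates are constructed, and the disclosure date used as the cutoff is a known date that the article does not state.

```python
import socket
import ssl
from datetime import datetime, timezone

# Public disclosure date of Heartbleed (a known date, not stated in the article).
DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)

def fetch_cert(host, port=443, timeout=5):
    """Fetch a live site's validated certificate as a dict (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def issued_at(cert):
    """Return the certificate's notBefore field as an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def password_advice(patched, cert, cutoff=DISCLOSURE):
    """Apply the article's order: patch first, new certificate second, password last."""
    if not patched:
        return "wait: server not patched"
    if issued_at(cert) < cutoff:
        return "wait: certificate not reissued"
    return "change password now"

# Constructed sample data: (patched flag from a checker, certificate dict in the
# shape returned by getpeercert()). Hypothetical sites, not real results.
SAMPLE_SITES = {
    "mail.example": (True, {"notBefore": "Apr 10 00:00:00 2014 GMT"}),
    "bank.example": (True, {"notBefore": "Jan 15 00:00:00 2013 GMT"}),
    "forum.example": (False, {"notBefore": "Apr  9 00:00:00 2014 GMT"}),
}

def triage(sites):
    """Map each site name to the advice for its patch and certificate state."""
    return {name: password_advice(patched, cert)
            for name, (patched, cert) in sites.items()}

if __name__ == "__main__":
    for name, advice in triage(SAMPLE_SITES).items():
        print(f"{name}: {advice}")
```

A notBefore date after the cutoff shows that a new certificate was issued; it does not show that the old certificate was revoked or that the site generated a new private key.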
There are exceptions
It’s not fair to say that every website using OpenSSL web servers was affected and it looks like Facebook, Twitter, WordPress, and Amazon all escaped unscathed. Facebook and Google did release security patches, but it looks like that was merely preventative instead of necessary. There are some websites that aren’t considered in danger of the Heartbleed bug and some of those are AOL, Foursquare, and Evernote.
Microsoft is also not vulnerable to the bug but again users should use the Heartbleed Checker mentioned above and make certain that their data is safe. If in doubt, don’t rely on sites to protect you. It’s up to you, so make sure that your information is out of harm’s way.
The internet companies that were vulnerable to the bug have mostly patched their servers and users should change their passwords immediately. However, this is no guarantee that your information wasn’t already stolen. Users can find some solace in the fact that it seems that hackers had no knowledge of the exploit until recently.
Most companies are advising customers to change their passwords as a precautionary measure. However, also bear in mind that many security advisers have said that changing a password before the situation is addressed is pointless, and it’s been said that the clean-up could take many months.
Passwords should be changed regularly
It’s a good lesson really and also a good practice to adopt – passwords should always be changed regularly. The other thing that many internet users do is to have the same password on multiple accounts and if only one of those sites was vulnerable you’ll have to change all of those passwords. Remember it’s bad practice to have the same password for more than one website.
It seems then that what can be done is being done. Internet users only have the option of changing passwords in response to the insidious Heartbleed bug. But there’s an example here and internet users should be much more security orientated. Passwords should be original and used only on one online profile or website; the best way to protect yourself using passwords is to use a password manager to store and generate all passwords for you.
The Heartbleed Bug has revealed a number of problems with security online. Proactive internet users should use this as an example of why good password and security choices are a must. Check what websites were affected and alleviate the fear that it could happen again. Be smart online and make sure that your passwords are different for all of your various logins and often disparate online presences.