How to Protect Yourself From the Heartbleed Bug
The internet was buzzing this week with news that an encryption flaw called ‘the Heartbleed bug’ had exposed a collection of popular websites, from Airbnb and Yahoo to NASA and OKCupid, to serious security threats. Luckily, the bug was discovered by a member of Google’s security team, and there’s no evidence that the flaw was exploited by hackers. This great article by Mashable explains what Heartbleed means for you, and what you can do to protect yourself.
“The issue involves network software called OpenSSL, which is an open-source set of libraries for encrypting online services. Secure websites — with “https” in the URL (“s” stands for secure) — make up 56% of websites, and nearly half of those sites were vulnerable to the bug. In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data. The good news: There isn’t any indication that a hacker caught wind of this; it seems the researchers were the first to locate the problem.
But the scary part is that attackers could have infiltrated these websites, extracted the information they wanted and left no trace of their presence. Thus, it’s hard to determine whether someone ever exploited the bug, or if your account information was compromised.
First, check which of the sites you use are affected. Next, change your passwords for major accounts — email, banking and social media logins — on sites that were affected by Heartbleed but patched the problem. However, if the site or service hasn’t patched the flaw yet, there’s no point in changing your password. Instead, ask the company when it expects to push out a fix to deal with Heartbleed.
A big cause for concern is related to sites that have your sensitive information, such as Yahoo and OKCupid (most people aren’t logging into NASA.gov with private data). Both companies have since issued a patch to fix the security hole, so users with accounts with those companies — including Yahoo Mail, Flickr and so on — should update their passwords immediately.”