Heartbleed: What You Need To Know
News broke on April 7th about an online security vulnerability that may very well have affected up to 500,000 different websites. They’re calling it Heartbleed, and in some circles it is being hailed as the end of the internet. Now, we don’t quite buy the whole “end is near” schtick, but we do think that it is important to protect yourself in the face of such a major security flaw.
What is Heartbleed?
Do you remember in December when we recommended that you only submit your personal information to websites with a URL beginning HTTPS://? The “S” indicates that the site has been security encrypted, so you can send info electronically without the fear that it will be compromised. Unfortunately, many of these sites use OpenSSL security encryption software, and that is the software that has been found to be vulnerable to Heartbleed.
According to CNET, Heartbleed exposes your usernames and passwords to hackers. In some cases, the hacker can even access a site’s cookies, or their tracking software, to access credit card numbers and other valuable information stored in the browser. The biggest fear about Heartbleed however, is that a hacker can potentially make copies of a server’s security keys and then create a copy of the website itself.
What can I do to protect myself?
The worst news about Heartbleed is that the vulnerability isn’t new; in fact, the problem is two years old, so the best you can do is change your passwords. But before you do that, is important that you make sure the site you are changing your password to has already applied the patch to fix the problem. CNN Money has started a list of sites that have already made the change. Check it out here.
Because you are bound to be changing a lot of passwords in the coming months, we recommend that you look into using a password manager like LastPass. Not only will it store all your passwords for you, but it will also help you randomly generate new ones. Instead of remembering new passwords to dozens of different sites, all you have to remember is the master to access all of them.