So, what should you be doing about Heartbleed?
1. Know what it is: Heartbleed is the name of a major security vulnerability that may affect nearly two-thirds of websites online. It’s a severe situation potentially exposing your login information—your username and password—and other sensitive information about you.
2. Try to find out if the online service you are concerned about has updated their servers in order to compensate for the Heartbleed vulnerability. Do not change your passwords until you’ve done this. A lot of outlets are reporting that you need to do this as soon as possible, but the problem is that Heartbleed primarily affects the server end of communications, meaning if the server hasn’t been updated with Heartbleed in mind, then changing your password will not have the desired outcome. Mashable has a list of popular websites affected by the Heartbleed vulnerability. View that list, but keep in mind that this list is not comprehensive, but it is an excellent place to start.
3. Don’t be taken in by a phishing attack trying to get you to change one password on various services. Don’t go to a site where you want to or need to change your password from a link in an email sent about your password. Instead, manually head to the website yourself, log in, and then, change your password.
4. Keep an ear out about Heartbleed and other related security flaws, do some research on them, and then make the appropriate changes.
5. Think about getting a Password Manager program like 1Password to help you keep track of your passwords, let you change them easily and efficiently, and keep you from being tempted to use the same password for more than one site.
6. Understand that Heartbleed may just be the tip of the iceberg. Heartbleed "underscores the possibility that there are potentially so many vulnerabilities out there right now, right under our noses, that we don't quite realize. One of these days someone will -- and I hope the good guys find it first," Verizon's Bryan Sartin says.
Recent Comments