The Heartbleed bug has reportedly been around for a while, but it was only recently discovered. Security researchers revealed that the bug takes advantage of a security flaw in OpenSSL, which gives hackers the opportunity to download "secure" data from popular websites.
Major service providers on the web employ OpenSSL to encrypt your data when you send emails, shop, or chat via IM. Many machines that transmit secure information may have unknowingly been compromised by this bug. Some known affected sites include Github.com, Yahoo.com and OKCupid.com. The companies have since applied a patch to resolve the problem, but users still have to update their passwords.
So how do you protect yourself?
Firstly, use a tool, such as LastPass, to check individual sites. Simply enter a link to the sites you frequent and the tool will verify the sites' status. Below are some other tips to protect yourself.
Rule # 1: Stay away from infected sites
This should be obvious. If LastPass or some other service reveals an infected site, don't try to log into your account until the site administrator resolves the problem. You may need to keep in touch with the company's customer service department in order to get updates on the progress. Remember, logging in and changing your password is not the solution - your information will still be compromised if the company has not applied a security patch.
Rule # 2: Change your password
After the company applies a security patch, you should log into your account and change your passwords. The passwords on your bank account and emails are particularly critical. Don't make it easy for a hacker to guess your password either. Start your password with a strong but catchy phrase and lengthen the phrase with a word you can easily remember. Longer passwords are better, and including non-alphabetic characters and uppercase letters will also help to strengthen your password.
Rule # 3: Reach out to financial institutions
It was a simple matter for the bug to escape the attention of larger businesses, like Yahoo. How much easier will it be for smaller businesses to remain unaware of this threat? It always pays to err on the side of caution when there's some level of uncertainty. Make sure your financial information is secure, especially if you regularly manage your accounts online. Ask your insurance, credit card providers, banks, and other financial institutions about the security features they've put in place to protect your sensitive data.
Rule # 4: Monitor your accounts
Finally, keep a close eye on your financial accounts, at least for a few days. Hackers can obtain your credit card and bank account information from vulnerable servers, so monitor your accounts for unfamiliar charges or withdrawals. Alert your financial institution immediately if you spot unauthorized transactions.
The aforementioned guidelines should alert you to potential risks and provide some form of protection. Internet security has improved tremendously over the last decade, but there will always be some measure of risk when you're using the web. Since Heartbleed affects browser cookies, there's some risk from infected sites - even if you don't log in. If you're concerned about potential consequences, you could always opt for privacy and anonymity when surfing the web. Alternatively, you could avoid the Internet for a few days until the dust settles.
Written By: Scott Whitehead