While I'm not a security expert, as an IT/developer person I know some basics that are simple to do and that most people should be doing.
- Change your passwords regularly (if you're using your high school locker combo and you're not in high school, WARNING)
- Keep an eye on your CC statements, don't just pay them blindly (What? I didn't order 45 Nickel-plated muskrat picklers!)
- Make sure the URL you're at isn't weird. (I wanted to go to www.yahoo.com, not www.igotyourpassword.yahoodler.com)
There are more practices, but those are some of the basics. Now, what is Heartbleed? Heartbleed, in the simplest sense, is a way for people to peek at what you're typing into some of those secure sites (the https sites that have a little lock next to them in the URL bar). Normally that lock means that you're secure, but Heartbleed got past that security level. What's worse, it's a server-side problem, so you can't really fix it yourself; you can only work around it until the people running the site fix it.
Now the question everyone's asking... What do I do now?!
Well my advice is this:
- Change your passwords
- Keep an eye on your CC statements for fraudulent charges
Sound familiar? Good, you ARE awake! Yay, here's a cookie (don't worry, Google already gave it to you). The part about it being server-side adds a little hiccup here. Since the problem is on the server, you need to be careful and change your passwords regularly now, even more often than you used to, and especially once again when a site confirms that it's now Heartbleed-free. The reason? Someone might already have your password, so you should change it; but since Heartbleed isn't fixed everywhere yet, your new password is vulnerable too until the site is patched.
There's a very good chance that you're safe, and no one has your information... but isn't it better to be safe rather than sorry if someone got it?
So that's it for today, post your comments, questions, and rants below so I can equally ignore you all, and see you next week!
It's important to note that it only affects servers using OpenSSL, and not every server uses that. Mashable has a list of servers that have been fixed and apparently there's a tool you can use to check if a server is vulnerable (both located in this link: http://www.geekosystem.com/test-for-heartbleed-vulnerability-with-browser-tool/).
But as the article states, you can't find out if a server was vulnerable, so it's probably best to change your passwords regardless.