Buggin’ Out Over Heartbleed: How to Fight Back

Heartbleed bug image courtesy of Gullpress WNA on Flickr

We’ve all been reading about the recent security breaches caused by a large hole in OpenSSL security called Heartbleed. Now what? There are tons of articles out there on things everyone should be doing to protect themselves from potential hazards of the bug, and we’ve compiled the top tips and facts that you need to know.

Get to Know the Enemy
What is the Heartbleed bug? It’s a security vulnerability in OpenSSL that lets an attacker read parts of a server’s memory, where sensitive user data is stored, including private information such as usernames, passwords, and credit card numbers.

According to a recent article in Digital Trends, “OpenSSL is a method of encryption employed by many websites that safeguard the data you type into your Web browser. OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug means hackers can send fake heartbeat messages, which can trick a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more.”
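To make the mechanism in the quote above concrete, here is an added example (not from the quoted article and not OpenSSL's own code) that simulates a heartbeat handler with and without the length check that closes the hole. The names hb_handle, run_case and reply_leaks, the 256-byte "server memory" and the sample secret are all assumptions made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA 256u  /* size of the simulated server memory */
#define HDR 3u      /* type (1 byte) + payload_length (2 bytes) */
#define PAD 16u     /* minimum padding required by RFC 6520 */
#define SECRET "user=alice;pass=hunter2"   /* constructed sample data */
static uint8_t arena[ARENA];   /* received record, then unrelated data */
static uint8_t reply[ARENA];   /* payload the server would echo back */

/* Handle the request at arena[0..rec_len); return bytes echoed, 0 if dropped.
 * check_length=0 trusts the sender's length field (the flaw), 1 verifies it. */
size_t hb_handle(size_t rec_len, int check_length) {
    if (rec_len < HDR || arena[0] != 1) return 0;       /* 1 = request */
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (check_length && HDR + claimed + PAD > rec_len) return 0;
    if (claimed > ARENA - HDR) claimed = ARENA - HDR;   /* keep demo in bounds */
    memcpy(reply, arena + HDR, claimed);
    return claimed;
}

/* Constructed 23-byte request whose length field says `claimed`, then SECRET. */
size_t run_case(uint16_t claimed, int check_length) {
    size_t rec_len = HDR + 4 + PAD;   /* "ping" + 16 bytes of padding */
    memset(arena, 0, sizeof arena);
    memset(reply, 0, sizeof reply);
    arena[0] = 1;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HDR, "ping", 4);
    memcpy(arena + rec_len, SECRET, sizeof SECRET - 1);
    return hb_handle(rec_len, check_length);
}

/* Return 1 if the first n bytes of the reply contain SECRET. */
int reply_leaks(size_t n) {
    size_t s = sizeof SECRET - 1;
    for (size_t i = 0; i + s <= n; i++)
        if (memcmp(reply + i, SECRET, s) == 0) return 1;
    return 0;
}

int main(void) {
    size_t flawed = run_case(64, 0);
    printf("flawed echoed %zu bytes, leak=%d\n", flawed, reply_leaks(flawed));
    printf("checked echoed %zu bytes\n", run_case(64, 1));
    return 0;
}
```

An honest request (length field 4) gets its four bytes back either way; only the request whose length field overstates its payload is treated differently, which is why the patched servers keep working for normal visitors.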

So What Can I Do?
CNET lists a few steps to take to ensure the best protection of your personal information until all sites have upgraded to the patched software:

  • Don’t log into accounts from afflicted sites.
  • Once you receive confirmation of a security patch, change passwords of sensitive accounts.
  • Don’t be shy about reaching out to small businesses that have your data.
  • Keep a close eye on financial statements for the next few days.

Keep Your Eyes Open
Mashable published a comprehensive list of sites that notes which ones were definitely affected and which ones to keep an eye on. Take a look for yourself and act accordingly. Major sites include Facebook, Google/Gmail, Yahoo/Yahoo Mail, Instagram, Pinterest, GoDaddy, Netflix and YouTube.

If you want a more in-depth look at the bug, check out this New York Times article and video on how the security flaw happened, what it means, what people are doing about it, and how to protect yourself in the future. Be proactive about your security, and stay cyber-safe out there!