
How to Protect Yourself from the Heartbleed Bug
Heartbleed is an OpenSSL vulnerability that allows anyone to access and read encrypted data sent between your computer and a server, disclosing usernames, passwords, and other confidential information. Heartbleed was discovered and patched on April 7th, 2014. The bug was introduced in OpenSSL version 1.0.1, which was released in March 2012.
The chance that one or more of your online accounts is compromised because of this bug is very high; OpenSSL is used by over 60% of websites worldwide to encrypt personal data.
This article will help you protect yourself from attackers who may have exploited this bug to gain your confidential data.
Steps:
1- Discover which of the services you use are affected by Heartbleed. There are two Heartbleed checkers: one made by LastPass (https://lastpass.com/heartbleed/), and one by 1Password (http://watchtower.agilebits.com). It is recommended to check each site in question with both tools.
2- Find out if the service has patched the bug. If they haven’t made a public announcement, you may have to contact the webmaster and ask what their current status is. Below is a short list of popular websites that have patched Heartbleed recently.
- Google (Gmail)
- Yahoo!
- Tumblr
- Flickr
- OkCupid
- Netflix
- Dropbox
- Wunderlist
- GitHub
3- If a website has not patched the bug, leave your account as is, whether logged in or not. If you are logged out, logging in may allow a hacker to exploit the bug and obtain your personal data.
4- Change your password on sites that have patched Heartbleed. Because it is possible that an attacker already has your username and password, it is critical that you change your passwords – not just on websites that were affected by Heartbleed, but also on websites that share the same login credentials as an affected website. This is a great opportunity to find a trustworthy password manager and create a unique password for each account.
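The steps above can be applied to a whole account inventory at once. The following is an added example, not part of the original article: it assumes a CSV export from a password manager with two hand-added columns, "affected" (the checker result from step 1) and "patched" (the status from step 2), and all site names and passwords in it are constructed.

```python
import csv
import io

# Constructed sample inventory (not real accounts or passwords).
SAMPLE_CSV = """site,username,password,affected,patched
mail.example,alice@example.com,Tr0ub4dor,yes,yes
photos.example,alice@example.com,Tr0ub4dor,yes,no
forum.example,Alice@example.com,Tr0ub4dor,no,no
bank.example,alice@example.com,c0rrect-horse,no,no
"""

def load(text):
    """Parse the export into account records."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "site": r["site"].strip(),
            # Assumption: "same login credentials" means the same username
            # (compared case-insensitively) together with the same password.
            "cred": (r["username"].strip().lower(), r["password"]),
            "affected": r["affected"].strip().lower() == "yes",
            "patched": r["patched"].strip().lower() == "yes",
        })
    return rows

def triage(accounts):
    """Return {site: action}; passwords never appear in the output."""
    # Credentials used on any affected site count as possibly exposed,
    # whether or not that site has been patched since.
    exposed = {a["cred"] for a in accounts if a["affected"]}
    plan = {}
    for a in accounts:
        if a["affected"] and not a["patched"]:
            plan[a["site"]] = "WAIT"           # step 3: leave the account as is
        elif a["affected"]:
            plan[a["site"]] = "CHANGE"         # step 4: site is patched
        elif a["cred"] in exposed:
            plan[a["site"]] = "CHANGE_REUSED"  # step 4: shares exposed credentials
        else:
            plan[a["site"]] = "OK"
    return plan

if __name__ == "__main__":
    for site, action in triage(load(SAMPLE_CSV)).items():
        print(f"{site:16} {action}")
```

A site marked WAIT moves to CHANGE once its "patched" column is updated to "yes" and the script is run again.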
Source: wikihow