Friday, May 16, 2014

Much Ado About the Heartbleed Bug

What to Do to Stay Safe in the Wake of the Heartbleed Bug
Heartbleed has come and gone, no need to worry, right? Wrong. Since March of 2012, the Internet’s most popular cryptographic library, OpenSSL, has been potentially bleeding information due to a massive security vulnerability. Yes, it’s been patched, but unless you’ve been proactive about your online security, you may still be at risk.

For many users it is hard to tell whether they are affected, since most do not even know whether a site they visit uses OpenSSL. Many sites that do use OpenSSL have been fairly good about telling users that they need to update their passwords and about explaining what needs to be done. That said, quite a few have been startlingly lax, and either haven’t sent emails out in a timely manner or haven’t sent them at all. I say if in doubt, change everything.

OpenSSL Is Apparently No Longer Vulnerable

The people who maintain OpenSSL fixed the vulnerability just before the bug was revealed to the public. It is now up to Internet companies to swap out the cyberlocks that protected their data and to create fixes for their own software. Going forward, you are probably protected as long as you’ve updated your password information. The scary part is that since OpenSSL has been vulnerable for the past two years, any information you sent over the Internet could have been compromised.

Though there is little you can do about the Heartbleed bug now, there are steps you can take to ensure you are unaffected if similar issues arise in the future:

· Remain calm – The vulnerabilities exposed this week have already been secured by all of the major Internet companies, including Google and Amazon.

· Public Wi-Fi networks are not your friend – If you are hopping on the Wi-Fi in public places like Starbucks, limit your Internet usage to transactions that are not especially sensitive and to things you would not mind people being able to see. When in doubt, use a VPN.

· To see which sites are vulnerable, do a test – There are apps available on the web that will tell you when the encryption on a site was last updated, what type of encryption the site uses, and whether the site is still vulnerable to the Heartbleed bug.

· Use a VPN – Connect using a VPN if one is offered by your school or company. Or you can purchase VPN services fairly cheaply. These provide unparalleled encryption above and beyond that offered on most websites. It’s their business to keep you safe online, and many of them are good at it.

· Every few months, change your password – This is a good practice to have no matter what, since so many of our transactions happen online. There are a number of excellent password managers out there that help you generate cryptographically strong passwords and store them for you so you don’t need to remember them. Change them regularly, and for goodness’ sake, don’t use the same password for multiple sites!
