What to Do to Stay Safe in the Wake of the Heartbleed Bug
Heartbleed has come and gone, no need to worry, right?
Wrong. Since March of 2012, the Internet’s most popular cryptographic library,
OpenSSL, has been potentially bleeding information due to a massive security vulnerability.
Yes, it’s been patched, but unless you’ve been proactive about your online
security, you may still be at risk.
For many users it is hard to tell whether they are affected, since most
do not even know whether a site they visit is using OpenSSL. Many sites
that do use OpenSSL have been fairly good about communicating the fact that
users need to update passwords, and providing information on what needs to be
done. That said, quite a few have been startlingly lax, and either haven’t sent
emails out in a timely manner or haven’t sent them at all.
I say if in doubt, change everything.
OpenSSL Is Apparently No Longer Vulnerable
The people who maintain OpenSSL fixed the vulnerability just
before the bug was revealed to the public. Internet companies must now swap
out the cyberlocks that protected their data and also create fixes for
their own software. Going forward, you are probably protected as long as you’ve
updated your password information. The scary part is that since OpenSSL has been
vulnerable for the past two years, any information you sent over the Internet could
have been compromised.
Though there is little you can do about the Heartbleed bug
now, there are steps you can take to ensure you are unaffected if similar
issues arise in the future:
· Remain calm – The vulnerabilities exposed this week have already been secured by all of the major Internet companies, including Google and Amazon.
· Public Wi-Fi networks are not your friend – If you are hopping on the Wi-Fi in public places like Starbucks, limit your Internet usage to transactions that are not especially sensitive and things you would not mind people being able to see. When in doubt, use a VPN.
· To see which sites are vulnerable, do a test – There are apps available on the web that will tell you when the encryption on a site was last updated, what type of encryption it uses, and whether the site is still vulnerable to the Heartbleed bug.
· Use a VPN – Connect using a VPN if it is offered by your school or company. Or, you can purchase VPN services fairly cheaply. These provide unparalleled encryption above and beyond that offered on most websites. It’s their business to keep you safe online, and many of them are good at it.
· Every few months, change your password – This is a good practice to have no matter what, since so many of our transactions happen online. There are a number of excellent password managers out there that help you generate cryptographically strong passwords and store them for you so you don’t need to remember them. Change them regularly, and for goodness’ sake, don’t use the same password for multiple sites!