You’ve probably heard about the gaping security hole discovered on the Internet, recently. The bug, otherwise known as Heartbleed, has proliferated the World Wide Web for two years in the most critical of all places — Open SSL. For any one who’s hearing about this for the first time, Heartbleed is the result of a coding error that went undetected in one of the most popular encryption softwares used by business online. What’s most disturbing about Heartbleed is that the damage is still unknown.
Heartbleed is widespread and has left online retailers, email providers, and any other institution that uses OpenSSL the last two years vulnerable to hackers. Mobile phone users are equally at risk. Think of it as leaving the front door of your home open for 24 months. If you think the Target breach was big, think again, because that breach that affected over 100 million consumers pales in comparison. One of the biggest concerns with Heartbleed is that criminals who’ve exploited it could issue fake security certificates for phony websites that are indiscernible from their authentic clones’.
What You Should Do
If you’re unsure a service you used in the last two years has been affected, call them, first, before resetting your password. Many affected companies have already reached out to their customers and members, either telling them not to worry, because they don’t employ Open SSL, or because they’ve already installed the necessary patches. The risk of changing passwords before the holes are patched is that reset passwords could be stolen. So, double-check.
Additionally, here are a few quick steps you can take to further protect yourself:
- Verify that the websites you visit are authentic by using this free tool
- Check debit, credit card, and bank statements
- Monitor your accounts and review your credit reports
- Check your firewall and security software on all computers at home
- Unless it’s a trusted source, avoid using public WiFi (if possible create your own mobile hotspot)
- Adopt 2-step authentication on your accounts, when available
- Install a tool that scrambles keystrokes on your computers
So, if you can, take the few extra minutes to read the morning’s headlines. Simply paying attention can save us a lot of heartache, or in this case, a heart bleed. Visit Hacker News for a partial list of the websites affected by Heartbleed.