April 21, 2014

Share Everywhere

Awareness Is Good Medicine For Heartbleed

You’ve probably heard about the gaping security hole discovered on the Internet, recently. The bug, otherwise known as Heartbleed, has proliferated the World Wide Web for two years in the most critical of all places — Open SSL. For any one who’s hearing about this for the first time, Heartbleed is the result of a coding error that went undetected in one of the most popular encryption softwares used by business online. What’s most disturbing about Heartbleed is that the damage is still unknown.

Heartbleed is widespread and has left online retailers, email providers, and any other institution that uses OpenSSL the last two years vulnerable to hackers. Mobile phone users are equally at risk. Think of it as leaving the front door of your home open for 24 months. If you think the Target breach was big, think again, because that breach that affected over 100 million consumers pales in comparison. One of the biggest concerns with Heartbleed is that criminals who’ve exploited it could issue fake security certificates for phony websites that are indiscernible from their authentic clones’.

What You Should Do

If you’re unsure a service you used in the last two years has been affected, call them, first, before resetting your password. Many affected companies have already reached out to their customers and members, either telling them not to worry, because they don’t employ Open SSL, or because they’ve already installed the necessary patches. The risk of changing passwords before the holes are patched is that reset passwords could be stolen. So, double-check.

Additionally, here are a few quick steps you can take to further protect yourself:

  • Verify that the websites you visit are authentic by using this free tool
  • Check debit, credit card, and bank statements
  • Monitor your accounts and review your credit reports
  • Check your firewall and security software on all computers at home
  • Unless it’s a trusted source, avoid using public WiFi (if possible create your own mobile hotspot)
  • Adopt 2-step authentication on your accounts, when available
  • Install a tool that scrambles keystrokes on your computers

So, if you can, take the few extra minutes to read the morning’s headlines. Simply paying attention can save us a lot of heartache, or in this case, a heart bleed.  Visit Hacker News for a partial list of the websites affected by Heartbleed.


Judy Leary

President at IdentityForce
For Judy, identity theft protection is in her DNA—her dad started IdentityForce’s parent company in the 70s, and in the 80s, she and her brother came on board. She loves her dedicated team and how much they care about every member, partner, and supplier. In addition to protection against identity theft, Judy is passionate about travel (Aruba is her “happy place”!) and giving back. She volunteers for the Alzheimer’s Association, Mazie Mentoring Program, and Sunshine Golden Retriever Rescue. She’s also a proud mom to 2 grown daughters and 3 rescue dogs.

Latest posts by Judy Leary (see all)

Join The Discussion

Your email address will never be published.