Skip to main content

Heartbleed – What Can You Do To Stay Safe?

Heartbleed – What Can You Do To Stay Safe?
The Heartbleed SSL vulnerability is making headlines around the world – and misreporting in the press and online is causing confusion. How can you stay safe and ensue your personal details aren’t leaked?

What Is Heartbleed? Well, It’s Not A Virus
muo heartbleed help https   Heartbleed – What Can You Do To Stay Safe?
Ignore The Hype & Don’t Panic
muo heartbleed help dontpanic   Heartbleed – What Can You Do To Stay Safe?
The Phishing Riskmuo heartbleed help pinterest   Heartbleed – What Can You Do To Stay Safe?
So, Should You Change Your Passwords?muo heartbleed help password   Heartbleed – What Can You Do To Stay Safe?
Check Which Websites Have Been Patched
Conclusion: It’s a Waiting Gamemuo heartbleed help heart   Heartbleed – What Can You Do To Stay Safe?

You’ve probably heard Heartbleed described as a virus. This isn’t the case: in fact, it is a weakness, a vulnerability in servers running OpenSSL. This is the open source implementation of SSL and TLS, the protocols used for secure connections – those that begin https:// rather than the usual http://.

This vulnerability – more commonly referred to as a bug – essentially creates a hole through which hackers can circumvent the encryption. Confirmed on April 7th 2014, it occurs in all versions of OpenSSL except 1.0.1g. The threat is limited to sites running OpenSSL – other SSL and TLS libraries are available, but OpenSSL is employed widely on servers around the web. A fix for the problem exists, but this may not have been applied to the websites you regularly visit for secure activities. These might be online shopping, gambling and other adult themed websites or even social networking.
As a result, all manner of personal and financial information could be at risk.
To get an idea of how big a deal Heartbleed is (and why it is so-called), Ryan has recently put this Internet-spanning bug into context. We should underline that Heartbleed is an Internet-based vulnerability and therefore affects users of all operating systems, desktop and mobile.
So, it’s a big deal – but what can you do about it?
Well, there is one thing you shouldn’t do: panic. A lot has been written across the Internet and in the printed media in the past few days and a lot of it is hype, doom porn that would put the effects of Orson Welles’ famous War of the Worlds radio broadcast to shame.

Much of what you have already seen will have been cobbled together from press releases and other reports by journalists unfamiliar with the terminology and a lack of clear understanding about the risks.
For instance, you might know that you should change your passwords immediately (not entirely true, we should add – see below). But did you know about the phishing risk?
Responsible web services, banks and social networks that have been affected by Heartbleed will drop you an email to let you know that they have repaired the vulnerability and recommend that you change your password.
Naturally, you should do this – but be aware that this situation presents an ideal opportunity to phishers to start sending fake emails, complete with embedded links to the “change password” page – in reality, a website designed to harvest your details.

None of the services you use should recommend you click on a change password link in an email sent unsolicited email. Unfortunately, IFTTT did, as did Pinterest (above). This is bad practice and gives the impression that such a link is acceptable and should be clicked.
Unless you have requested the email, such a link should not be clicked.
Heartbleed password reset emails should not include login links. If they do, delete them, then visit the website by typing the address into your browser (or selecting it from history or favourites depending on how you roll with these thing). From there, reset your password…
…but only if you actually need to at this stage.
Unfortunately, the PR-driven need for companies to look like they are doing something about threats like Heartbleed can prove to be just as damaging as the threat itself.
One of the main pieces of Heartbleed advice in circulation is that you should change your passwords immediately.
All of them.
This, sadly, is an example of the misinformation I referred to in the intro. Say you use the same password for several websites. First of all, this is bad practice and you should reconsider doing it in future (not to mention create more secure passwords).

Second, if you indiscriminately change all of your passwords, the chances are you’re going to do so on a website that isn’t running on a patched server – one upon which Heartbleed is still a vulnerability.
Inadvertently you have potentially shared your old password and your new password with those that are able to exploit the vulnerability for their identity fraud and spam operations.
As such, you should only change your password on a site-by-site basis when you know they have been patched – that is, the fix has been applied and the vulnerability closed.
Get started by checking which websites are free from the Heartbleed vulnerability.
There are two ways to do this. First, head to Mashable where an up-to-date list of big-name websites affected by Heartbleed can be found, along with advice as to whether you should change your password or not.
For the smaller websites, this excellent search tool will tell you instantly whether or not the site has been patched.
An alternative is the Chromebleed Checker extension for Google Chrome.
If the websites you use have been affected and have not yet patched the Heartbleed vulnerability, avoid logging in until the situation is resolved.
Dealing with the Heartbleed storm shouldn’t be a problem for most. Stick to the course we’ve advised above, and don’t change any passwords until you’re instructed to do so by the corresponding websites and services.

You can also use new tools to check if the website you plan on visiting (or even the one you run) has been affected, and whether a fix has been applied.
Most importantly, stay safe and be patient. The potential for Heartbleed to cause massive problems is still there – avoid any websites that require patching until you know that they are now secure.

Popular posts from this blog

ASUS VivoBook X202E Windows 8 Touchscreen Laptop Review And Giveaway

It wasn’t very long ago when prices of touchscreen Windows 8 laptops soared beyond $1000. Thankfully, those days are behind us, and portable computers can easily be purchased – touchscreen and all – for under $500. That’s precisely the demographic in which the ASUS VivoBook X202E falls. When compared to a high-end laptop, its specifications might seem modest, but for laptop buyers just looking for a way to browse the web, watch videos, use basic apps, and not spend too much money, something in this budget is perfectly suitable. The question is, of course, how does the ASUS VivoBook X202E compare to others on the market, and is it the one which you should be spending your hard-earned money on? Well, you’re just going to have to keep reading to find out. Best of all, we are giving away an ASUS VivoBook X202E to one lucky winner. Keep reading for your chance to take home this Windows 8 touchscreen laptop! Introducing the ASUS VivoBook X202E Laptop The ASUS VivoBook X202...

Samsung Galaxy Note 3 N9000 Review and Giveaway

When it comes to massive phones, nothing is more iconic than the Samsung Galaxy Note. It has gained popularity not only due to its size, but its additional features such as a stylus and a larger battery make it a more useful phone. Samsung released the third generation of the Galaxy Note in October, updating the phablet with a larger screen and improved hardware. Read through our review, then join the giveaway to win the  Samsung Galaxy Note 3 ! Competitors Of course, other Android competitors haven’t let the $640  Galaxy Note 3  be the only player in the phablet market. There are others such as the  Sony Xperia Z Ultra , the Samsung Galaxy Mega , and the other more common phones that are reaching 5″ screens such as the  Samsung Galaxy S4 , the  HTC One , and the  Nexus 5 . Unlike the normal-sized top contenders, the Galaxy Note 3 has a bigger screen and larger battery. It also offers specific features (surrounding the S Pen stylus) th...

Samsung Galaxy S5 Review and Giveaway

Few smartphones are as aggressively marketed as Samsung’s Galaxy S5. The S5 can no longer be considered brand-new — but it  is  Samsung’s flagship, at least for the next few months. With a gorgeous screen, a capable camera, a waterproof build, and a user-replaceable battery, the Galaxy S5 has a lot to offer… at least on paper. Let’s find out how good it really is. What Makes This Review Different There are about a million Galaxy S5 reviews out there. Why should you read this one? Two keys points make our review different: We bought our own device . Unlike many tech blogs, we don’t use a review unit Samsung gave us. We went out to the store and bought one, just like you would. This means everything you read here is truly impartial – we owe Samsung nothing. We used it for more than a month . Some sites rush to be the first to publish a review on a new device. That’s not how we do things. I used the Galaxy S5 as my main (and only) Android phone for nearly two months,...