For the past two years (since March 2012), millions of websites may have been leaking sensitive data because of a major flaw in OpenSSL, the software library that is used to encrypt and transmit Internet data.
The Heartbleed bug, as the researchers who discovered it named it, would enable attackers to obtain a compromised site's encryption keys, which makes all data passing through that site readable to them. What makes it worse is that this type of attack leaves no trace in the server's logs. Considering how many websites used the affected versions of OpenSSL, the potential damage could be serious.
The good news is that, now that this security flaw has been discovered, many major companies are already patching their websites.
Affected Sites
- Yahoo
- Dropbox
- Amazon
- Intuit (TurboTax)
- Many others…
For any other sites not listed, check whether they are affected by using the LastPass Heartbleed checker.
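Public checkers probe a site from the outside. If you administer a server yourself, the first thing to look at is the OpenSSL version it is running. The script below is an added example for this post, not something from the original article or from LastPass: it classifies an `openssl version` banner against the ranges given in the OpenSSL advisory (1.0.1 through 1.0.1f and 1.0.2-beta1 are affected; 1.0.1g and 1.0.2-beta2 carry the fix; the 0.9.8 and 1.0.0 branches never contained the heartbeat code). The function names and the sample banners are constructed for the example. One caveat the code makes explicit: Linux distributions often backport the fix without changing the version letter, so an "affected" result from the version string alone means "verify this build", not "confirmed vulnerable".

```python
import re
import subprocess

# Matches banners as printed by `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
# or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(?:-(beta\d+))?")


def classify_openssl_version(banner):
    """Classify a version banner as 'affected', 'not-affected' or 'unknown'.

    Ranges follow the OpenSSL Heartbleed advisory (CVE-2014-0160):
      - 1.0.1 .. 1.0.1f  affected, 1.0.1g fixed
      - 1.0.2-beta1      affected, 1.0.2-beta2 and later fixed
      - 0.9.8 / 1.0.0    never shipped the heartbeat code
    'affected' here means the upstream version string is in the vulnerable
    range; distribution packages may carry a backported fix under the same
    string, so treat it as "verify this build", not as proof.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return "unknown"
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if (major, minor, patch) < (1, 0, 1):
        return "not-affected"          # 0.9.8 and 1.0.0 branches
    if (major, minor, patch) == (1, 0, 1):
        # "" sorts before "a", so a bare "1.0.1" is correctly flagged.
        return "affected" if letter <= "f" else "not-affected"
    if (major, minor, patch) == (1, 0, 2):
        return "affected" if beta == "beta1" else "not-affected"
    return "not-affected"              # 1.0.2 final, 1.1.x and newer


def check_local_openssl():
    """Run `openssl version` on this host and classify the result.

    Returns 'unknown' if the binary is missing, so the caller can fall back to
    checking the package manager's changelog for a backported fix.
    """
    try:
        out = subprocess.run(["openssl", "version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return "unknown"
    return classify_openssl_version(out)


# Constructed sample banners, covering each branch the advisory distinguishes.
SAMPLE_BANNERS = {
    "OpenSSL 1.0.1e 11 Feb 2013": "affected",
    "OpenSSL 1.0.1g 7 Apr 2014": "not-affected",
    "OpenSSL 1.0.2-beta1 24 Feb 2014": "affected",
    "OpenSSL 1.0.0l 6 Jan 2014": "not-affected",
    "OpenSSL 0.9.8y 5 Feb 2013": "not-affected",
    "OpenSSL 1.0.2h  3 May 2016": "not-affected",
    "LibreSSL 2.0.0": "unknown",
}

if __name__ == "__main__":
    for banner, expected in SAMPLE_BANNERS.items():
        result = classify_openssl_version(banner)
        print(f"{banner:35s} -> {result} (expected {expected})")
    print("this host:", check_local_openssl())
```

On a distribution host, pair the version check with the package changelog (for example, whether the OpenSSL package was rebuilt after 7 April 2014) before concluding a server is clean.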
What You Need to Do
Until an affected website has fixed the vulnerability, there is not much you can do, because a new password set on a still-vulnerable site could just as easily be handed straight to an undetected attacker. Once the site has patched its OpenSSL, though, change your password right away. At this point the sites listed above have already patched, so it is safe to change your passwords there.
If you habitually use the same password for all your online accounts, then you need to change that password on every site, not just the affected ones: once it has been exposed through one affected service, an attacker can use it to log in to your accounts on websites that were never vulnerable themselves.
Don’t Use the Same Password for Multiple Websites
It bears repeating with this latest discovery that it's never a good idea to use the same password for multiple accounts. Even if you don't want a unique password for every online account you own, at the very least group them: one password for critical sites such as online banking and tax, another for email, and a different one for less important sites. Make sure you also follow these safety tips for social media.
Further Reading
- Here's What You Need to Know About the 'Heartbleed' Bug That's Attacking Millions of Websites
- What Should You Do About the Heartbleed Security Flaw?
- The Heartbleed Aftermath Drags On: What Passwords You Need to Change Now
- Not just websites hit by OpenSSL's Heartbleed – PCs, phones and more under threat
- Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem