I am sure everyone has heard of the Heartbleed security flaw that is affecting systems that use OpenSSL. Many may be wondering what the best course of action is at this time.
Many may have the knee-jerk reaction to run out and change all their passwords right away. While that is going to be needed soon, it will not do much good until the site in question has patched the flaw: if the flaw is still in place, your new password would simply be compromised as well. My advice would be to first check the banking and financial sites you use. They should have a notice on the home page stating whether they were affected by this bug or not. I noticed that Chase, Bank of America and Capital One, to name a few, were not affected, so your password there is secure. However, if you use those same passwords on other sites that might have been affected, you should change all your finance and email related passwords right now.
Another recommendation would be to find a good password management program to use. Some are free, and others cost less than 50 dollars. I use 1Password myself, and it makes changing and storing passwords very easy. I have the software create 15 character random passwords for all the sites I use. This gives me the highest level of protection, and I do not have to remember all the passwords that are needed for all these websites. The best practice is to have a unique password for every site you visit, and then to change that password every few months.
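As an added illustration of what a password manager does for you (this is example code written for this post, not 1Password's code or anything from the original article), the following Python script generates random passwords of the recommended length from the operating system's cryptographic random source, reports how much entropy such a password carries, and applies the rule from the previous paragraph to a small constructed vault: if a password is reused on a site that may have been affected, every site sharing that password needs a new one. The vault contents, site names and affected set are invented sample data; the function names are my own.

```python
from __future__ import annotations

import math
import secrets
import string

# Character set a password manager typically draws from: upper- and lower-case
# letters, digits and printable punctuation (94 symbols in total).
CHARSET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 15, charset: str = CHARSET) -> str:
    """Return a password of `length` symbols chosen uniformly from `charset`.

    `secrets` uses the OS cryptographic RNG; the `random` module must not be
    used for this because its output is predictable.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(charset) for _ in range(length))


def entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of a uniformly random password: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def find_reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each password that appears on more than one site to those sites."""
    by_password: dict[str, list[str]] = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def sites_needing_rotation(vault: dict[str, str], affected: set[str]) -> set[str]:
    """Sites whose password must change because of a possible Heartbleed leak.

    A site is included if it was itself affected, or if it shares a password
    with an affected site (a leaked password is a leaked password everywhere
    it is reused).
    """
    leaked_passwords = {vault[site] for site in affected if site in vault}
    return {site for site, pw in vault.items() if site in affected or pw in leaked_passwords}


# Constructed sample vault: site -> password. Not real accounts or passwords.
SAMPLE_VAULT = {
    "bank.example": "Tr0ub4dor&3",
    "mail.example": "Tr0ub4dor&3",      # same password as the bank: reuse
    "shop.example": "correct horse battery staple",
    "forum.example": "hunter2",
}

# Constructed: sites we assume have announced they ran a vulnerable OpenSSL.
SAMPLE_AFFECTED = {"forum.example", "mail.example"}


if __name__ == "__main__":
    print("fresh password:", generate_password())
    print(f"entropy of 15 chars from {len(CHARSET)} symbols: "
          f"{entropy_bits(15, len(CHARSET)):.1f} bits")
    print("reused:", find_reused_passwords(SAMPLE_VAULT))
    print("rotate now:", sorted(sites_needing_rotation(SAMPLE_VAULT, SAMPLE_AFFECTED)))
```

Running it shows why the reuse rule matters: `bank.example` was not affected, but it lands in the rotation list because its password is the same one used on `mail.example`. A 15 character password drawn from 94 symbols carries roughly 98 bits of entropy, which is why the manager's random passwords beat anything memorable.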
Once the various websites get patched (you can check for yourself whether a site is affected or not by using the Qualys SSL Server Test), you are going to want to change all your passwords yet again. Sites such as Google, Facebook, Yahoo and YouTube have all been patched and are safe, and they recommend you change your password right away. Other sites such as Amazon, Apple, LinkedIn, eBay and Twitter reported that they were not affected by this bug.
From what I have learned, while this bug has been around for years, it appears that hackers did not know about it, so it may not be too bad. However, they do know about it now, and it is a race for companies to patch their systems and for users to change all their information before a hacker can gain access to your data. Following best practices for password security is something we should always do. I know it is a pain, but in the long run you will be glad you did.
Image credit: XKCD