You’ve probably seen some of the security alerts regarding the Heartbleed Bug. This security vulnerability involves the widely used encryption software known as OpenSSL. OpenSSL is used to encrypt communications on the web, with the purpose of protecting you and your loved ones from hackers and the like. This massive security issue has been estimated to affect as much as 2/3 of the web.
While there is a lot of concern over how widespread and pervasive this issue is, there are things you can do to proactively protect yourself from Heartbleed. Here are the steps that are recommended:
First, you need to be concerned about your passwords. Before changing passwords for any given website, you want to be sure that the site is no longer vulnerable and the provider has patched their security by updating their encryption software.
If the website (or application) is vulnerable, it is useless to change passwords, since your new password could also become compromised. If they’ve patched their security, you can move ahead with making the changes.
So, how to find out if a website has applied the Heartbleed Patch?
First of all, it is highly possible the provider has announced this on their blog or sent you an email notification. So, check in the obvious places. However, if you’re still not sure, CNet has also published a list of major sites that have confirmed that they’ve applied the patch; this list is being continuously updated. Mashable has also published a list of websites for which you should immediately change your password. Finally, if you need to take matters into your own hands, you can use this tool to check if a given site is still vulnerable or not.
You want to be sure your new password is as secure as possible. The following are some tools you can use to generate quality passwords:
You might also be interested in reading our article about the best-practices around generating your own passwords.
If you’d like to learn more, here is where you can go to read more about the Heartbleed Bug: Heartbleed.com