The news which came out recently surrounding the “Heartbleed Bug” may have many people concerned about their password security on many major websites, and for good reason. What exactly is this “bug” and what can you do to protect your personal information?
The Heartbleed Bug (technical name CVE-2014-0160) is a security hole affecting websites who have been using vulnerable versions of the OpenSSL encryption software. According to a Wikipedia OpenSSL article, as of 2014, two-thirds of online websites utilize the OpenSSL software for their security encryption. Essentially, this flaw can allow anyone on the internet to read the affected web servers’ memory, which may include access to sensitive data and the security encryption keys used to keep your usernames and passwords secure.
How to Protect Your Sensitive Information
The first step you want to take is to make sure that the websites you either do business with or with whom you have a username and password set up, have patched the problem and released new certificates. Changing your password without the patches still leaves your information vulnerable if attackers have accessed the encryption keys. LastPass has released a tool to help with the verification process, which you can find here. Avoid visiting websites that haven’t yet fixed the problem.
Once you have confirmed that the fixes are in place, change your passwords. If the website was possibly vulnerable at any time, you will want to change your password.
If you do online business with other small businesses, check to make sure that they are aware of Heartbleed so that their developer or administrator can put the patches in place before visiting their website.
Lastly, it can never hurt for you to keep an eye on your personal and business financial statements for suspicious charges for the next week or so just to be safe.