Wednesday, April 9, 2014

Heartbleed

With the latest news about the Heartbleed vulnerability in what we thought were safe sites - now is a good time to update your passwords.  ALL your passwords.

The first thing you want to make sure of, though, is that the site you are updating for is safe.  I recommend you test the site - if is all good, then change your passwords.

If you are like most of us... you probably have a ton of accounts out there that need updating.  This is also a good opportunity to make sure each account is unique and secure - and a tool to manage your passwords can help you get that in order.  I use 1Password by Agilebits to manage my own passwords. There are similar tools available including LastPass; Roboform; and KeePass among others.

The Heartbleed vulnerability has been at large for about two years - so any servers that were using this version of SSL to encrypt their websites will have been vulnerable ... what isn't known is whether any hackers out there were actually taking advantage of the vulnerability.  And, since the "listening in" doesn't leave any tracks, we may never know.  It is important to do what you can to keep your digital self safe - secure your passwords; monitor your credit card transactions to be sure your card doesn't become compromised; don't email private information including passwords, PINs and credit card numbers... This is good advice to follow all the time - not just in the face of a found vulnerability.

UPDATE: Here's a list of sites from Mashable of passwords to change right away.
(Google doesn't think you need to worry about changing your password - but better to do it anyway... especially if you haven't done it in a while.)

UPDATE 2:  Here's a summary of the issue courtesy of Business Insider.

No comments:

Post a Comment