According to a Pew study, only 64% of Americans have heard about the Heartbleed vulnerability affecting websites, and even if you have, you still may not understand it. Please pass this on to the other 36%, as we’re going to give you a quick update and a breakdown of what the Heartbleed vulnerability is. Of the 64% who have heard of it, only half have changed their passwords.
It is not a virus, but it’s just as bad. The majority of problems we hear about are viruses, so many people tuned out, thinking it wasn’t an issue for them for whatever reason.
Heartbleed is a hole in the security of what are supposed to be secure sites. When you see “https” before a website name in the browser, it is supposed to be secure. In simple terms, the door was locked but a side window was open.
Should you be worried? Yes, but not frantic. If you came home and found your front door wide open, you would check the house to see if someone was there or something was gone, right? You should change your passwords for the same reason.
While there is little evidence that anyone exploited this open window for the two years it existed, I’m sure many bad guys gave it a shot after it was announced. Apparently the Canadian government was hacked the day after Heartbleed was announced, as well as a few others. And not all sites are completely secure yet.
The guy who found the Heartbleed vulnerability offers these suggestions in a Reddit AMA (Ask Me Anything):
- Install the Chromebleed (for the Chrome browser) or Foxbleed (for the Firefox browser) browser extension and do not log in to the sites that trigger an alert;
- Think hard about all the important accounts one has, and go change the passwords there (always a good thing); REMINDER: using different passwords is more important than using complex ones; write them down on paper if you need to!
- Wait for statements by the affected websites about what might have been leaked.
I remember hearing about a Japanese import car that only had 6 or 8 different ignition keys. Essentially anyone who wants to steal that car has a 1 in 6 chance that his key will fit any of them. That’s what happens when you use the same password over and over.
After this Heartbleed issue happened I decided to download and try LastPass. It allowed me to change my passwords and store them. I was originally against this idea, but password managers have proven to hold up against hacks so far, so I gave in.
Also, when available, enable two-factor authentication. It is the one thing that can really hamper hacking of your accounts.
And the last piece of advice: when using payment services, use a credit card. Your money is much safer there than with a debit card. It can take weeks to replenish your debit account, whereas a credit card charge can be reversed.
tl;dr – Change your passwords.