Here we go again. The latest bug to rock our Internet world, Heartbleed, has turned that concept of information security on its head. Even you, trusted reader, are likely to be affected either directly or indirectly. Take, for example, that little “lock” icon that you see when you are logging into a site or entering a credit card number. Businesses and individuals alike rely on that image to assure that the transaction, along with the information that goes with it, is private and encrypted. It turns out, however, that it may not be as secure as we all thought.
Unlike conventional viruses that open access for hackers to download sets of encrypted usernames and passwords (which hackers then have to de-encrypt to use), the Heartbleed bug lets attackers grab small chunks of data as the data flows through from your browser to a server and back. For servers using the vulnerable versions of OpenSSL software for data encryption (which is about two-thirds of all websites, according to Yahoo Tech,) the data that is transmitted is at risk.
There are a growing list of websites that have been impacted by Heartbleed, and that list is being continually updated. If you would like to check a website that you’ve entrusted with your information, you can use LastPass or Filippo to see the latest status.
Meanwhile, even for sites that have no indication of being compromised, changing your password (or passphrase) on a regular basis is advised. Although it requires more effort, it is recommended that a unique password be established for each site that is used, whether it’s email, ecommerce or your bank account. In other words, don’t use the same password for all of your websites. Looking for even more peace of mind? Check out this article from SecureSafe Pro for other great tips on setting up a secure password.