What does the Heartbleed bug mean for you?
Recently, there has been a great deal of press about something called the Heartbleed bug. So, should this mean anything to you? Read on to find out.
Do I have to do anything about the Heartbleed bug?
Well, that depends. If you have no email accounts, no IDs on any websites, no VPN accounts, or anything like that, then no, you don't have to do anything. Oh, you do? Bummer. You need to take action.
What happened?
OpenSSL, the single most common product used to secure websites, put out a new version in March 2012, and that version (OpenSSL 1.0.1 through 1.0.1f) had a programming flaw that went unnoticed. Unfortunately, that product is also used to secure email, VPNs, and other forms of internet communications and related devices. The flaw was fixed in OpenSSL 1.0.1g, released in April 2014.
What should I do?
If you use online banking, email, or stores, and the website hasn't declared that it was never at risk, you should:
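For the IT people: the version range given under "What happened?" can be checked against the output of `openssl version`. The sketch below is an added example, not code from the OpenSSL project; the function name `in_affected_range` and the sample banners are constructed for illustration.

```python
import re

# Matches banners such as "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips ...".
_BANNER = re.compile(r"\bOpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(\S+))?", re.IGNORECASE)


def in_affected_range(banner):
    """Check a banner against the range stated above (1.0.1 through 1.0.1f).

    Returns True if inside the range, False if outside it, and None when the
    string cannot be judged (no OpenSSL version found, or a pre-release build).
    Caveat: Linux distributions often backport fixes without changing the
    version letter, so True means "confirm the package's patch level",
    not "definitely vulnerable".
    """
    m = _BANNER.search(banner)
    if m is None:
        return None
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    tag = (m.group(5) or "").lower()
    if tag.startswith(("beta", "pre", "dev")):
        return None  # pre-release builds are not covered by the stated range
    if release != (1, 0, 1):
        return False  # a different release series than the one named above
    # "" is the plain 1.0.1 release; letters a..f follow it; g carries the fix.
    return letter <= "f"


# Constructed sample banners (not taken from any real host).
SAMPLES = [
    "OpenSSL 1.0.1 14 Mar 2012",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "nginx/1.4.7",
]

if __name__ == "__main__":
    labels = {True: "IN RANGE, check patch level", False: "outside range", None: "unknown"}
    for banner in SAMPLES:
        print(f"{labels[in_affected_range(banner)]:28} {banner}")
```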
1. Change your password to a unique password used nowhere else for each online account you have.
2. If applicable, remove all credit card information saved online.
3. Avoid public wifi.
4. Find out when each site will have their service updated and secure, then change your password again.
5. Ask your IT people about your VPN security.
Yes, this is a lot of work, but identity theft is worse.
How bad is it really?
Nobody knows for sure. The flaw was discovered and published (CVE-2014-0160), and people who make their living by testing security verified in less than 2 hours that they were able to break their own security and get to confidential information, leaving no footprints or clues that the hack had occurred. Yeah, that's kind of bad.
Some of the big sites affected were: Google, Gmail, YouTube, Facebook, Yahoo, Yahoo Mail, Tumblr, Flickr, OKCupid, Wikipedia, and USAA.
Some of the big sites that were not affected (SAFE): Amazon, Mapquest, Bank of America, Capital One, Charles Schwab, Chase, Citibank, E*Trade, Fidelity, HSBC, LinkedIn, Hotmail, PayPal, Scottrade, TD Ameritrade, Twitter, U.S. Bank, Vanguard, and Wells Fargo.
For more information:
https://www.schneier.com/blog/archives/2014/04/heartbleed.html
http://gizmodo.com/heartbleed-why-the-internets-gaping-security-hole-is-1560812671
http://www.zdnet.com/heartbleed-serious-openssl-zero-day-vulnerability-revealed-7000028166/
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/