With so much news about the Heartbleed bug, it has become difficult to differentiate between what's just media hype and what you should actually be concerned about. So we've pulled together some information and resources to help clear up the noise for you.
What is Heartbleed
Heartbleed is a security bug found in OpenSSL, the most popular method used to encrypt traffic on the Internet. It could allow hackers to intercept the usernames, passwords and other personal information of users on any website with OpenSSL.
Most popular social media, retail, email and even government sites have been impacted. Major sites including Facebook, Google, Gmail, Pinterest, Yahoo, YouTube and many more confirm they were impacted. The good news is many financial institutions were not affected.
Heartbleed researchers just published their findings last week, but report that the bug may have been around for two years. While there is concern that this vulnerability has existed for so long, there has been no evidence to show that any data was lost due to Heartbleed.
What You Should Do
The Heartbleed security flaw has been fixed in the newest version of OpenSSL, but you should change your passwords on all of the sites affected by the bug just to be safe.
As a best practice, you should change your passwords regularly and you should never use the same username and password combination at more than one website. Update your passwords today and then set reoccurring reminders at least once each quarter year in your calendar now so you don't forget in the future. For more password advice, read our post on how to create secure passwords.
Helpful Heartbleed Resources
The Heartbleed Bug
The company that discovered the vulnerability has set up a website with technical FAQs at www.heartbleed.com.
Heartbleed Information for Identity Guard Members
Identity guard has compiled a list of FAQs and tips for our members.
Find Out if a Website is still Vulnerable
Most major websites have already released updates to fix the Heartbleed bug but if you want to check to be sure, there are a lot of test sites where you can check to see if the site is exposed. Heartbleed Test is one we found useful.
You may want to consider using a password manager tool which will help you to remember all of your passwords in one place. Password Managers would not protect against the Heartbleed bug, but they would make accessing all of your online accounts Identity Guard offers SafeConnex, a software that securely stores your passwords and log in information with a single PIN. This software is free even if you don’t have an Identity Guard membership. You can learn more and download SafeConnex now.