HeartBleed Vulnerability No Laughing Matter

By now you have probably heard about the HeartBleed security vulnerability — news about this bug has been so widespread in the last few days that it even made the Tonight Show monologue.  But HeartBleed is no joke — it is potentially the most serious issue to ever have affected the Internet.

A quick technical explanation of HeartBleed: This bug allows remote attackers to read 64k of memory from systems running affected versions of OpenSSL. That means an attacker can potentially pluck out usernames, passwords, the secret keys used for SSL/TLS encryption (which can then be used to crack secure communications), and other sensitive information.
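As an added illustration (not code from this post or from OpenSSL), the check below shows what the bug comes down to: a heartbeat message carries a 16-bit length field for its payload, and a receiver that echoes back that many bytes without comparing the field to what actually arrived returns whatever sits next to the message in memory. The message layout follows RFC 6520; `hb_check`, the verdict names and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_REQUEST     1
#define HB_HEADER_LEN  3   /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

enum hb_verdict { HB_OK, HB_TRUNCATED, HB_OVERSTATED_LENGTH };

/* Compare the sender's claimed payload length with the bytes that
 * actually arrived. msg is one decrypted heartbeat message. */
enum hb_verdict hb_check(const uint8_t *msg, size_t msg_len, size_t *claimed)
{
    size_t payload_len;

    if (msg_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;            /* too short to be well formed */
    payload_len = ((size_t)msg[1] << 8) | msg[2];   /* big-endian field */
    if (claimed)
        *claimed = payload_len;
    if (HB_HEADER_LEN + payload_len + HB_MIN_PADDING > msg_len)
        return HB_OVERSTATED_LENGTH;    /* echoing would over-read memory */
    return HB_OK;
}

/* Constructed sample: 4-byte payload, length field says 4.
 * The remaining zero bytes stand in for the padding. */
static const uint8_t hb_honest[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };

/* Constructed sample: 1-byte payload, length field says 65535 (the "64k"). */
static const uint8_t hb_overstated[20] = { HB_REQUEST, 0xFF, 0xFF, 'x' };

int main(void)
{
    size_t n = 0;
    enum hb_verdict v;

    v = hb_check(hb_honest, sizeof hb_honest, &n);
    printf("honest:     claimed=%zu received=%zu verdict=%d\n", n, sizeof hb_honest, v);
    v = hb_check(hb_overstated, sizeof hb_overstated, &n);
    printf("overstated: claimed=%zu received=%zu verdict=%d\n", n, sizeof hb_overstated, v);
    return 0;
}
```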

One important thing to know about HeartBleed is that it does NOT affect every website where you may have stored a password.  It DOES, however, have a good chance of affecting all the most important, sensitive websites, such as your bank, your credit cards, anywhere it is necessary for secure communications on the Web.

What should you do, then?  IMMEDIATELY log in to all of your critical websites (PayPal, bank, credit cards, loans, etc.) and change your passwords.  You can do this for all stored-password sites if you want, but for those less critical, it may be wise to wait around a week, to be sure the vulnerability has been addressed.  After a week, though, you should log in to all of your sites, including the critical ones, and change your passwords AGAIN.

A brief note on passwords: NEVER use the same password across multiple sites, especially critical ones.  Passwords should NEVER be words that can be found in the dictionary, proper names, or easily identifiable dates (such as birth dates, anniversaries, phone numbers, etc.).  Passwords SHOULD be at least 13 characters in length, and consist of some combination of numbers, letters (lower- and upper-case), and punctuation.

If you are interested, you can find a Random Password Generator here: https://identitysafe.norton.com/password-generator/

There are also many password-storage programs out there, if you have trouble keeping track.  One free service that comes highly recommended is Dashlane.  (Thanks, Preston.)

Finally, for an in-depth technical explanation of the bug and what’s being done about it, visit Heartbleed.com.