How to Protect Yourself from the Heartbleed Bug

4/11/2014

Heartbleed is a recently discovered bug in OpenSSL that allows anyone to access and read any encrypted data sent between your computer and a server, disclosing usernames, passwords, and other confidential information.


The chance that one or more of your online accounts is compromised because of this bug is very high; OpenSSL is used by over 60% of websites worldwide[1] to encrypt personal data.


This article will help you protect yourself from attackers who may have exploited this bug to gain your confidential data.


Steps



  1. Discover which of the services you use are affected. There are two Heartbleed checkers: one made by LastPass (http://ift.tt/1koQdjV), and one by Filippo Valsorda (http://ift.tt/1kkYl58). It is recommended to check each site in question with both tools.


  2. Find out if the service has patched the bug. If they haven't made a public announcement, you may have to contact the webmaster and ask what their current status is. Below is a short list of popular websites that have patched Heartbleed recently[2].


    • Facebook

    • Google (Gmail)

    • Yahoo!

    • Tumblr

    • Pinterest

    • Dropbox

    • Wunderlist

    • GitHub



  3. If a website has not patched the bug, leave your account as is, whether logged in or not. If you are logged out, logging in may allow a hacker to exploit the bug and obtain your personal data.


  4. Change your password on sites that have patched Heartbleed. Because it is possible that an attacker already has your username and password, it is critical that you change your passwords - not just on websites that were affected by Heartbleed, but also on websites that share the same login credentials as an affected website. This is a great opportunity to find a trustworthy password manager and create a unique password for each account.
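
One way to turn steps 1 to 4 into a per-account checklist, as an added example that is not part of the original article. The site names and passwords are constructed, and the `affected` and `patched` flags are assumed to be filled in by hand from the checkers in step 1 and the service's announcements in step 2.

```python
import hashlib
from collections import defaultdict

# Constructed sample inventory (hypothetical sites and passwords).
# "affected" = a Heartbleed checker flagged the site (step 1);
# "patched"  = the service has announced or confirmed a fix (step 2).
ACCOUNTS = [
    {"site": "mail.example",  "affected": True,  "patched": True,  "password": "tulip-42"},
    {"site": "shop.example",  "affected": True,  "patched": False, "password": "winter!9"},
    {"site": "forum.example", "affected": False, "patched": False, "password": "tulip-42"},
    {"site": "bank.example",  "affected": False, "patched": False, "password": "Zq7#unique"},
    {"site": "blog.example",  "affected": False, "patched": False, "password": "winter!9"},
]

def _digest(password):
    # Compare passwords by digest so the plaintext never appears in the plan.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def triage(accounts):
    """Return {site: (action, reason)} following steps 1-4 above."""
    exposed = defaultdict(list)  # password digest -> affected sites using it
    for acct in accounts:
        if acct["affected"]:
            exposed[_digest(acct["password"])].append(acct["site"])

    plan = {}
    for acct in accounts:
        site = acct["site"]
        shared_with = [s for s in exposed[_digest(acct["password"])] if s != site]
        if acct["affected"] and not acct["patched"]:
            # Step 3: leave the account alone until the site is fixed.
            plan[site] = ("wait", "not patched yet; leave the account as is")
        elif acct["affected"]:
            # Step 4: the site is fixed, so a new password is safe to set.
            plan[site] = ("change_now", "site was affected and is now patched")
        elif shared_with:
            # Step 4: reused credentials may already be known to an attacker.
            plan[site] = ("change_now", "shares a password with " + ", ".join(shared_with))
        else:
            plan[site] = ("ok", "not affected and password is not reused")
    return plan

if __name__ == "__main__":
    for site, (action, reason) in triage(ACCOUNTS).items():
        print(f"{site:15} {action:11} {reason}")
```

Note that `blog.example` is marked `change_now` even though the site it shares a password with is still unpatched: the unaffected site can take a new password safely, while the unpatched one waits.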



Tips



  • Using strong and unique passwords will help prevent widespread hacking should one of your accounts become compromised.

  • If you have concerns about privacy or anonymity, consider staying off the Internet for a few days while things cool down and servers are updated to the latest version of OpenSSL.[3]

