Heartbleed: What you should do (and not do) to protect your data

Don’t change your password (except in certain instances). Don’t update security (unless it is the pre-approved software fix). Maybe just stay off the Internet for a few days (seriously). With Heartbleed, the security flaw that could affect two-thirds of all websites, all bets are off.


It’s likely you have seen the open-source encryption code OpenSSL without realizing what it does. The software encrypts information on websites, such as passwords. Two-thirds of websites are estimated to use the code.

However, cybersecurity researchers now know that the system was flawed. The issue may have gone undetected for more than two years, allowing hackers to run a program, nicknamed Heartbleed, that revealed encryption keys and browser history, offering easy access to passwords and private communication in an undetectable way. Since the story broke Monday night, researchers have been scrambling to find a solution to the problem, which has affected websites as large as Yahoo.

When news of a cybersecurity breach breaks, the usual protocol is to change your password and update security software as soon as possible. However, Heartbleed is a bit different. Since the hack is untraceable, it may be impossible to know if your data has been breached. If a website you use hasn’t yet updated its security to fix the problem, hackers could grab your password as you change it (without your realizing it). Though a new version of OpenSSL that patches the bug has been released, not all websites have updated their systems.

Here’s how to keep your information safe online while the Heartbleed situation gets under control.

Check if the websites you use are vulnerable

The scope of the problem isn’t yet confirmed, so before entering any sensitive information into a website, double check to be sure it is safe. Use this Web page to check if a website is vulnerable, and if it is, wait until the site has confirmed it has updated its security before you input any sensitive information.

Early monitoring of the situation found that websites such as Yahoo, OkCupid, and Eventbrite were vulnerable, though some have begun making the necessary security fixes. Here is an updating list of websites and whether they are affected. Even if a website is in the clear, use caution while inputting information in the next few days.

Don’t rush to change your passwords (but if you really want to, change the important passwords first)

“Security experts suggest waiting for confirmation of a fix, because further activity on a vulnerable site could exacerbate the problem,” CNET found.

Once you have confirmed that a website has updated its security, change passwords on bank accounts and e-mail, even if the account has an extra authentication step.

However, if it isn’t a must-use website, it wouldn’t hurt to stay away from the site for a few days until the fallout becomes clearer, just in case a hacker is still tracing password changes. Tor, the browser that maintains anonymity for users, suggested those who are very concerned about privacy may just want to stay offline for the next few days (its clients, relays, and hidden services were affected by the bug).

Monitor bank accounts and keep an eye out for any unusual activity

As hackers could have gained access to saved credit card information, in addition to passwords and private information, it may be a safe bet to keep an eye on bank accounts. Even if your bank isn’t a vulnerable site, Heartbleed may have latched onto cookies, which can reveal your history (and therefore provide a potential window into secure information), if you visit any vulnerable website. Aside from major websites such as Yahoo, which are certainly working to make a fix, don’t be afraid to reach out to smaller businesses that may have your sensitive information online as well, to ensure they are working toward a solution.

If any unusual activity occurs, contact your bank.

Stay tuned

As the breach was just revealed on Monday night, there is no doubt that most companies’ tech teams are working around the clock to update the code as well as attempt to figure out whether user data was compromised. However, there is still a lot yet to be revealed about the bug. Keep up to date to find out whether your data has been compromised.
