Valentine’s Day has come and gone, but you’re probably hearing talk of something called Heartbleed, right? For those of you who aren’t sure whether to break out the chocolates or just ignore it, this is something that should definitely get your attention. Heartbleed is a vulnerability in the OpenSSL software that can create security issues for applications and content on the Internet that are using SSL and TLS encryption.
Under most circumstances, SSL/TLS encryption is in place to ensure that your personal information is not compromised, but the vulnerability in the OpenSSL software can allow hackers to get around the security features of the encryption. Your credit card numbers, login names to websites, passwords, and other data becomes at risk and can be stolen through processes that can go undetected.
Because Heartbleed has become a widespread issue, a security patch was announced on Monday detailing the findings and what websites using OpenSSL should do. Server administrators using the tool should apply the patch as soon as possible as the vulnerability can create potential threats when using the Internet for tasks such as online purchases, email, and instant-messaging (IM) applications.
Most websites using OpenSSL have likely already patched their sites, but if you’re still not sure what you should do as an Internet user, here are some general guidelines you can following:
1) If a website has the potential to be affected by Heartbleed, vendors are communicating with their users, so be on the look out for any news or announcements. Social media accounts for these websites is a good place to start. You can use this list of popular websites to find those using OpenSSL that can be affected.
2) Change your passwords. Make sure that you choose secure passwords that are not easily guessed and follow any password guidelines that are provided.
3) Once your passwords are changed, continue to monitor your personal information and the accounts and websites that are used for anything unusual.