Heartbleed is the latest internet vulnerability that we all should be keeping an eye on since it is so widespread and went undetected for almost two years. It can put your personal information at risk (email, credit card information, and passwords). At this point, it is unclear if the attackers have been taking advantage of the flaw for the last two years.
Three researchers from Codenomicon discovered the bug and revealed it publicly on Monday. Heartbleed is contained in versions of OpenSSL, an open-source encryption technology. Users can identify the sites that use SSL (Secure Sockets Layer) by a padlock symbol in the browser. This was meant to let us know that the information we were sending over the Internet was secure from prying eyes. This is not the case anymore.
Large companies like Facebook, Google, and Yahoo put out statements saying they have already fixed the Heartbleed flaw in their security systems. How do you know if other institutions have been as proactive as these companies? At this point, you don’t.
What can we take away from this latest online threat?
Use unique passwords across different sites and change them routinely. For example, don’t use the same password you use for Facebook for your online banking. Some experts suggest changing your passwords every six months.
Sites that hold valuable information like your credit cards, banking, and investments all should have different logins and passwords. For the time being, if you can, avoid logging into these sites until companies have had the chance to update their systems. If not, go in and change your password.
Mashable just released a list of passwords you need to change right now because of Heartbleed. Click here.