Unless you have been living under a rock (in which case your probably fine and you don’t need to keep reading), you would have heard about the Heartbleed bug that has made seemingly secure pages, insecure.
Now that the bug has been dismantled (or so we hope) and a young 19 year old arrested (go figure) for it’s development, here is what you need to do to protect your personal and private information.
1.) The important stuff: start by making a list of all the sites that you log on to that have access to your bank account details, social security number and credit card numbers. These are all top priorities and you should absolutely change your password. While some big sites such as Amazon claim they have not been affected it definitely wont hurt to change up your password.
2.) Social Media: next, target all your social media accounts such as Facebook and Twitter. While these giants have claimed that their pages are safe it’s always best to make precautions. Sites like Tumblr have been affected so if you haven’t already, change your password.
3.) Phone apps: firstly, delete all phone apps that you don’t use. Even if you don’t use it, some apps have permissions that can access your location and other phone-related behavior. Take time to change your app passwords and then go through the app security settings to make sure that location and information sharing is turned off.
4.) Cloud: got cloud storage? You will definitely want to change these passwords to protect your files and documents particularly if you have sensitive material such as tax documents.
5.) Government pages: healthcare.gov has already issued a warning to change your password on their site and to be precautions you should do the same for any other government affiliated page.
But before doing all that, heed the words of Rik Ferguson, VP of security research at Trend Micro- “while the vulnerability is probably under widespread exploitation (changing your passwords) isn’t a good suggestion.” Why? “Changing now increases your risk of exposure in the short term as the vulnerability is now public.”
Well, thats confusing.
Bottom line, if you are worried use your browsers extension to see if sites that you visit have been affected. Most big companies would have sent out emails if their sites were affected. You can go to Chromebleed (for Chrome users) or even use Heartbleed scanners.
Changing passwords is a pain, don’t do it unless you absolutely must- that’s my motto with heartbleed anyway.