The “Heartbleed” bug has sent businesses and individuals into attack mode in order to prevent passwords from being disclosed, personal information from being compromised — and ultimately, assets from being stolen.
The problem, which was disclosed last month, involves encryption software called OpenSSL, which is extensively used by thousands of websites. The Heartbleed bug can cause sensitive information stored on servers to be disclosed, including passwords, usernames, personal information and credit/debit card numbers.
The vulnerability “can potentially impact Internet communications and transmissions that were otherwise intended to be encrypted,” according to an alert issued by the U.S. Department of Homeland Security (DHS).
The nature of the bug is complex and it is not yet clear exactly how long it has been a security flaw.
Many websites quickly applied patches to fix the vulnerabilities. CNet, an Internet consumer technology site, compiled a list of the 100 most popular websites and checked whether the Heartbleed bug was patched. According to the site, Google, Facebook, YouTube, Yahoo!, Reddit, Yelp, Dropbox and others have fixed the vulnerability.
However, as with any hacking threat, you should take the Heartbleed bug seriously and consider following these steps:
- Change your passwords. This is a good idea to do periodically, but in the wake of Heartbleed, you should do it ASAP. The DHS says that you should only change passwords after the vulnerability has been fully addressed at individual websites. Use strong passwords with letters (including capitals), numbers and symbols. Keep passwords long, 10 or 12 characters if possible. To keep track of your various passwords, use a password manager.
- If you have the option to do “two-factor authentication,” take it. This security feature is just as it sounds — to access accounts, you have to type in two factors. For example, it might require a password and then a code sent to your smartphone. It’s not available everywhere yet but it can add protection to help keep your data safe.
- Clear your Internet browser cache, history and cookies. Again, this is a good idea to do on a regular basis. Exactly how to do this depends on the browser you use but here are some instructions for a couple of popular browsers:
· For current versions of Internet Explorer: Go to Tools (an icon with gears). Choose “Safety” and then “Delete Browsing History.” There you can check “Temporary Internet files, Cookies, History,” etc.
· For current versions of Firefox: Click the Firefox button at the top of the window. Select “History,” then select “Clear Recent History.” This opens up a pop-up box that asks for a time range to clear. Select “Everything” and check “Browsing and Download History, Cookies and Cache.” Then, click “Clear Now.”
- Beware of e-mail messages promising instant solutions. Unfortunately, when crisis strikes, many unscrupulous people try to take advantage of others. In the coming days, you may receive e-mails that ask you to click on links to rid your computer of Heartbleed. Don’t fall for it.
- Check your credit card and bank accounts and statements thoroughly. If you see suspicious or false charges, contact the issuer or institution immediately to limit your liability.
- Closely monitor your e-mail accounts, social media accounts and other online assets for irregular or suspicious activity, such as abnormal purchases or messages.
- Ask businesses that have your data if they are vulnerable and what they have done to patch the bug.
- Check for the “s.” After a website you are visiting has addressed the vulnerability, the DHS states you should “ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the ‘s,’ as it means secure.”
These are general Internet security tips. There is no way to guarantee that you will not be affected by Heartbleed or other attacks but you can make yourself less vulnerable by taking certain steps.