An encryption flaw called the Heartbleed bug is being called one of the biggest security threats the Internet has ever seen. The bug has affected many popular websites and services, like Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
This is a "Must Read": HowToGeek.com Explains: What the Heartbleed Bug Is and Why You Need to Change Your Passwords Now
How to protect yourself in Heartbleed's aftershocks
Companies know what to do about Heartbleed now. Here's what you, as an individual, need to do now.
Your user-ids, your passwords, your credit-card numbers, everything you place online is potentially in play for hackers. You cannot fool around with this.
Get ready to change all your passwords. Yes, every last one of them. Were your favorite sites vulnerable? You can check specific sites with the LastPass Heartbleed checker.
CNET.com has a constantly updated list for the 100 most popular Web sites: Heartbleed bug: Check which sites have been patched.
Once you know your site has the bug fixed, then you should change your password, right? Wrong.
Ask the company if they really have patched their software AND installed new SSL certificates from their Certificate Authority (CA). Only once they've done both those things should you change your password. And change it to a good password. This xkcd cartoon actually gives great advice on choosing strong passwords.
Next, if your favorite sites or services, such as Google, Yahoo, or Microsoft, support two-factor authentication, use it. Yes, two-factor is usually a lot more trouble to set up than a simple password. So what? In an increasingly insecure world, you'll need it.
You are not done yet:
You should also clear out all your Web browsers' cache, cookies, and history. That's never a bad idea anyway. You don't want old memorized passwords walking into trouble at an untrustworthy site. To do this with the most popular browsers, follow these steps:
Chrome:
- In the browser bar, enter: chrome://settings/clearBrowserData
- Select the items you want to clear. For example, Clear browsing history, Clear download history, Empty the cache, Delete cookies and other site and plug-in data.
Firefox:
- From the Tools or History menu, select Clear Recent History.
- From the "Time range to clear" drop-down menu, select the desired range; to clear your entire cache, select Everything.
- Click the down arrow next to "Details" to choose which elements of the history to clear. Click Clear Now.
Internet Explorer 9 and higher:
- Go to Tools (via the Gear Icon) > Safety > Delete browsing history….
- Once there, choose to delete Preserve Favorites website data, temporary Internet files, and cookies.
I know this is a lot of trouble. Take the time to do it.
You're going to see all kinds of e-mails soon about magic solutions to all your Heartbleed problems. They'll all be spam, either bearing malware or pointing you to sites that contain malware. There's no quick fix for Heartbleed.
Finally, start checking your bank and credit-card statements very, very carefully. If you've been compromised, chances are all too good that you'll find out by finding bogus charges on your credit cards.
Good luck. We're all going to need it.
Heartbleed info by Sophos
- "Heartbleed heartache" – should you REALLY change all your passwords right away? by Naked Security from Sophos
- "Heartbleed" – would 2FA have helped?
- Anatomy of a data leakage bug – the OpenSSL "heartbleed" buffer overflow. This is the really geeky stuff! by Naked Security from Sophos
- The US government has warned that it believes hackers are trying to make use of the Heartbleed bug – bbc.com
- Reaction on “Heartbleed”: Working Together to Mitigate Cybersecurity Vulnerabilities – Department of Homeland Security
- LastPass and the Heartbleed Bug – LastPass is unique in that your data is also encrypted with a key that LastPass servers don’t have access to. Your sensitive data is never transmitted over SSL unencrypted – it’s already encrypted when it is transmitted, with a key LastPass never receives. While this bug is still very serious, it could not expose LastPass customers’ encrypted data due to our extra layers of protection.
- LastPass Now Checks If Your Sites Are Affected by Heartbleed – To help our users take action and protect themselves in the wake of Heartbleed, we've added a feature to our Security Check tool. LastPass users can now run the LastPass Security Check to automatically see if any of their stored sites and services were 1) Affected by Heartbleed, and 2) Should update their passwords for those accounts at this time.