The Year of the Hack: What to Do About the Heartbleed Bug
If you laughed at those who got sucked into the Target hacking debacle because you personally only shop online, then the last laugh may be on you. Thanks to the terrifying-sounding "Heartbleed" vulnerability discovered this week, 2014 is shaping up to be the Year of the Hack. So what is Heartbleed, and what should you be doing about it?
Eric Limer at Gizmodo offers a thorough explanation about what Heartbleed is and how it works. Basically, it's a loophole that existed for years undetected in one of the Internet's most popular online security protocols. And because the protocol is open source, anyone and everyone could see it.
But you probably don't care about the why or how; you care about what it means for you. Unfortunately, there's not much you can do. Whitson Gordon at LifeHacker suggests the few steps users should take:
If possible, try to avoid connecting to vulnerable sites and services until they notify you of a fix. Changing your password won't help until the site has fixed the bug, so wait for confirmation from your favorite sites before you go changing passwords. If and when you do get confirmation, audit and update your passwords as usual. If a site is not vulnerable but doesn't issue a statement, change your passwords just in case they were vulnerable in the past.
Remember, it's not worth resetting your password if the website is still vulnerable. Fortunately, the password manager LastPass is now offering a handy tool that shows which sites have patched their vulnerability and reissued their security certificates.
Are security breaches affecting how you shop in stores or online? Let us know in the comments below.
Related DealNews Features:
Sign In or Register