The Year of the Hack: What to Do About the Heartbleed Bug

A serious vulnerability is affecting much of the Internet. What is the Heartbleed bug, and what can users do about it?

If you laughed at those who got sucked into the Target hacking debacle because you personally only shop online, then the last laugh may be on you. Thanks to the terrifying-sounding "Heartbleed" vulnerability discovered this week, 2014 is shaping up to be the Year of the Hack. So what is Heartbleed, and what should you be doing about it?

Eric Limer at Gizmodo offers a thorough explanation of what Heartbleed is and how it works. Basically, it's a loophole that existed for years undetected in one of the Internet's most popular online security protocols. And because the protocol is open source, anyone and everyone could see it.

But you probably don't care about the why or how; you care about what it means for you. Unfortunately, there's not much you can do. Whitson Gordon at LifeHacker suggests the few steps users should take:

If possible, try to avoid connecting to vulnerable sites and services until they notify you of a fix. Changing your password won't help until the site has fixed the bug, so wait for confirmation from your favorite sites before you go changing passwords. If and when you do get confirmation, audit and update your passwords as usual. If a site is not vulnerable but doesn't issue a statement, change your passwords just in case they were vulnerable in the past.

Remember, it's not worth resetting your password if the website is still vulnerable. Fortunately, the password manager LastPass is now offering a handy tool that shows which sites have patched their vulnerability and reissued their security certificates.

Are security breaches affecting how you shop in stores or online? Let us know in the comments below.


Benjamin Glaser
Contributing Writer

Ben was Features Editor at DealNews from 2014 to 2017, when his shopping insights were highlighted by Good Morning America, Reuters, the Washington Post, and more. Though no longer in consumer news, Ben still loves getting a great deal (and writing about it!).

Comments

4 comments
Lindsay Sakraida (DealNews)
@jcauthorn Haha, it's that hard to convince people to try Cinnabon? (I kid! Thanks for weighing in on LastPass, good to know it gets a Reader Stamp of Approval!)
jcauthorn
I'm delighted to see you are mentioning LastPass.
I can't believe how hard it is to convince people that they should be using LastPass. It's secure, it does everything for you, and the list of proper security and convenience features is huge. I kinda feel like it's trying to convince someone to eat a Cinnabon for the first time - they don't think it's a big deal until they try it -- but once they try it they never want to go back.
pottsgw
Many sites (including google, discovercard, and bankofamerica), even though they have patched SSL, have not updated certificates since the publication of details on this bug and may still be compromised.