The recently discovered Heartbleed bug exposed a gaping hole in the security software that’s supposed to keep your information private while you shop, manage your finances or send and read email. While there still aren’t any signs that the bug has actually led to eavesdropping or theft—financial, identity or otherwise—it’s probably only a matter of time.
The good news is that there are ways you can protect your information from thieves and snoops. The bad news is that they’re simple but not necessarily easy.
Why Heartbleed Is A Big Deal
First, some quick background. The Heartbleed bug allows potential attackers to sidestep the cryptographic security that normally protects Web communications on sites that use an open-source implementation of that security called OpenSSL. In essence, the bug allows attackers to grab random bits of information from Web servers—information that could include usernames and passwords, the cryptographic “keys” that shield traffic from prying eyes, or even the coded “certificates” that websites use to verify that they are who they say they are.
In the worst case, exposure of that information could allow attackers to read all traffic to and from a given site, or even to impersonate the site itself—which could be, let’s just say, bad if the site in question happens to be a malign copy of your bank. (For a deeper technical breakdown of Heartbleed, check out ReadWrite’s FAQ here.)
pretty incredible to hear about this security bug that’s gone undetected for the past two years (at least)… we’ve been scrambling and updating things left and right at work, which explains why all employees have been asked to update their passwords and SSH keys — a mild pain in the ass, for sure.
i’m also changing my passwords on sites i use a lot like gmail, amazon, etc.