Staunching the Heartbleed Bug (What a Nosebleed!)
Wednesday, May 7, 2014
Posted by: Nathan Swartzendruber
Hopefully you’ve heard about the Heartbleed bug. It’s a problem that affected about two-thirds of the internet’s secure servers and left them insecure. This is Very Bad, since it could have allowed attackers to steal your password or other account-related information. This comic explains the problem in very simple terms (follow the link to see the entire comic): http://xkcd.com/1354/.
If you have an account with Google, Facebook, Yahoo, Slate, Flickr, Dropbox, Netflix, WordPress or Tumblr, you definitely need to change your passwords. On the other hand, here are some sites that reportedly weren’t affected: Amazon.com, Chase (and many other banks), Twitter, Apple, eBay, PayPal, Microsoft/Outlook. Check if a specific site was affected by using the LastPass Heartbleed checker: https://lastpass.com/heartbleed/.
That list of unaffected websites isn’t much of a confidence-builder, especially since different sites report different lists. If you have an online account that stores information you want to keep safe, this is a good time to change your password. If you have used the same password for several websites, including any of the affected websites, you should change all of those passwords. If you find accounts you no longer use, now’s a good time to shut them down. It’s time to clean house.
Yes, changing all these passwords will take a lot of time. Yes, it’s really important that you change them, to protect your data. (Think of all the emails you’ve ever sent. That’s important data!) You can make the process a little less painful by setting up a password keeper like LastPass or 1Password to securely store your passwords and generate new, strong passwords for you. These aren’t free, but for me, the security is worth the price.
Using them, I’ll still have to visit the 170+ websites where 1Password reports I have vulnerable accounts (Ouch). But the software remembers my current password and can generate new, strong passwords (and remember them) automatically. For more on creating your own strong passwords, revisit my write-up from November: http://tiny.cc/password-recipes.
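The reuse rule above (a password used on an affected site has to change everywhere it was used) can be applied mechanically to a password-manager export. This is an added example, not part of the original post: the `url,username,password` column layout, the sample rows and the domain spellings for the affected sites are all assumptions.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Sites the post lists as affected; the domain spellings are assumptions.
AFFECTED = {"google.com", "facebook.com", "yahoo.com", "slate.com", "flickr.com",
            "dropbox.com", "netflix.com", "wordpress.com", "tumblr.com"}

# Constructed sample export; the url,username,password columns are hypothetical.
SAMPLE_EXPORT = """url,username,password
https://accounts.google.com/login,pat,correct-horse
https://www.amazon.com/signin,pat,correct-horse
https://forum.example.org/,pat,correct-horse
https://www.chase.com/,pat,unique-bank-pass
https://www.tumblr.com/login,pat,tumblr-only
"""

def site_of(url):
    """Reduce a login URL to the listed site it belongs to, else its host."""
    host = (urlsplit(url).hostname or "").lower()
    for domain in AFFECTED:
        if host == domain or host.endswith("." + domain):
            return domain
    return host[4:] if host.startswith("www.") else host

def triage(export_text):
    """Return {site: reason} for every account that needs a new password."""
    by_password = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        by_password[row["password"]].add(site_of(row["url"]))
    to_change = {}
    for sites in by_password.values():
        exposed = sorted(sites & AFFECTED)
        if not exposed:
            continue  # no affected site ever used this password
        for site in sites:
            if site in AFFECTED:
                to_change[site] = "affected site"
            else:
                to_change[site] = "shares a password with " + ", ".join(exposed)
    return to_change

if __name__ == "__main__":
    for site, reason in sorted(triage(SAMPLE_EXPORT).items()):
        print(f"{site}: {reason}")
```

A real export holds every password in plain text, so keep it on local disk only for as long as the check takes and delete it afterwards.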
Nathan Swartzendruber, SWON Technology Educator