You may or may not have heard of the Heartbleed vulnerability, but even those who don’t know about computers should know about this one. It’s estimated that 66% of the websites on the Internet are or were vulnerable, which means your information can be at risk. You probably don’t want me to explain the jargon, so I’ll simplify. The security vulnerability is in OpenSSL, which many websites use for encryption. This encryption hides your data from hackers, so they can’t see the credit card numbers, usernames, or passwords you’re sending to a website. When a webpage address starts with https://, it’s using SSL, and usually, that means it’s secure. However, this vulnerability lets a hacker get past this encryption completely, and do so undetected. Think about the name for a moment: Heartbleed. Would you name any basic vulnerability something as drastic as a heart bleeding? This is big, and you should be very concerned. Fortunately, there are some steps you can take to protect yourself. Unfortunately, they may not be enough.
The first thing you should do is make a list of any websites that you use for important information. Banks, credit cards and online stores are key targets for hackers. Once you’ve made a list of the important sites you use, head over to this website. Enter the name of each website into the checker, and confirm that it does not have the vulnerability. You can also use this Chrome browser extension to scan every site you visit. Cross the sites that pass off your list. If any do have the vulnerability, pay attention to them (we’ll come back to them).
For the sites that pass the test, you may want to change your passwords immediately. If the websites have been fixed, but had the vulnerability before, your password may have been leaked to hackers. You’ll want to change only the passwords of websites that do not currently have the vulnerability. Changing the password of a site that has the issue now won’t do anything for you, because the new password can be leaked the same way. Next, we’ll address those websites that are currently vulnerable.
If you find a site that is currently vulnerable, try not to use it. I say try, because some people may need to log in to those websites in order to do their banking. In these cases, do everything you can to avoid using that website. Call up the company, send in your bill, beg them to fix it; just avoid sending in your information at all costs. Only log in if you absolutely must. Also, check in on these problem websites daily. Developers will be working to patch these sites, so make sure to check your email for alerts from these companies and use the tools I mentioned earlier to check your favorite sites frequently. Once a website passes the test, reset your password and cross it off your list.
Companies are rushing to patch this vulnerability, so it should be fixed on most sites shortly. Don’t be surprised if it takes longer for smaller companies or websites that may not have employed software professionals to patch their sites. Be patient, but not too patient. If you need a service, and the site it’s on hasn’t been patched (and they’re taking their time fixing it), you’ll want to find a new website. This is a very serious vulnerability, one that gets past encryption and doesn’t leave a trace of the hackers. Do not take this lightly; take measures now to protect your information.