Wednesday, April 9, 2014

Heartbleed! Everybody PANIC!

If you haven't already, now is a very good time to change your passwords. All of them- banks, email, social media, etc.  A major security vulnerability was discovered yesterday that by some accounts left 60% of the web vulnerable to intercept and account theft.  This is certainly one of the worst I've heard about.  You can read more at http://heartbleed.com/

The problem is if the site has not been patched, changing passwords won't do any good. Most major institutions probably have patched already, but it wouldn't hurt to check with your smaller banks etc.  Just email support and ask if they have patched the "OpenSSL Heartbleed vulnerability".

I have recommended Lastpass before and still do.  It was one of the vulnerable sites, but due to the way it's built, theoretically should still be safe.  It's still a good idea to change your master password there and the passwords it contains.

One last tip: if you get a password reset email, go to the website directly to reset your password instead of clicking a link in email.  This will prevent any related phishing attempts.

PS: Don't really panic.  Just be safe and change your passwords regularly and do not use the same ones everywhere.

No comments: