One of the biggest security threats the Internet has ever seen has been exposed by an encryption flaw called the Heartbleed bug, and companies such as Yahoo, Dropbox and GoDaddy have already been affected by it.
Secure websites running SSL encryption, the ones with “https” in the URL (irony alert – the “s” stands for secure), were vulnerable to the bug. The SSL layer is meant to protect you when you are logging into your account or performing transactions online, but Google Security researcher Neel Mehta and a software security firm called Codenomicon recently found an error in the programming code that affects OpenSSL web servers. According to Neel and Codenomicon, hackers can get the keys needed to decode and read the data from OpenSSL web servers. The bug's official identifier is CVE-2014-0160.
The problem with the Heartbleed bug is that it has the ability to bypass a website’s security layer and reveal all the information that is in the web server memory. The result? Hackers can read and expose your passwords, emails, business documents and other private information straight from your computer.
Are my favorite websites vulnerable to the Heartbleed bug?
Before you go disconnecting your internet router – not every website is affected by the Heartbleed bug. Security patches for the bug were announced on Monday; however, many websites are still working on fixing the issue.
To manually check if a website is vulnerable, perform a Heartbleed test (set up by security researcher Filippo Valsorda). Enter the URL of the website first. If the website passes the test, it is safe to use. You can also test websites using the Heartbleed checker by LastPass, a password manager service.
How can I protect myself online?
The first priority, as mentioned in this blog, is to check if the websites you are using are vulnerable to the bug. If a website is vulnerable, stay away from it until it has been patched.
5 steps to protect yourself:
- Change all your passwords, AFTER the security patches have been applied. Google security experts claimed that changing your passwords before the update could actually increase vulnerability.
- If you are aware that a website is not secured, download Internet filtering software to prevent others from accessing the restricted websites.
- If you are unsure whether a website has patched its software, contact its customer service and ask when they expect to fix the issue before you begin accessing the website – mark that date.
- Use a website which supports two-factor authentication. At a time of increasing security hacks, this is one of the easiest ways you can dramatically boost security on your online accounts.
- Clear out all of your web browser’s cache, cookies and history – you don’t want unsecured websites storing your history of passwords.