3rd Nov 2014 | Web Protection

Heartbleed Bug: A simple guide to staying safe

If you’ve read the newspaper, browsed Twitter or simply visited the Internet recently, you will have heard about the Heartbleed bug. It has been described as one of the most serious Internet security stories in the history of the Internet, so here’s a quick run-down to bring you up to speed and keep you safe.

What is Heartbleed

Certain sites that seek to protect sensitive information use a technology called Open SSL. It has been discovered that there is a vulnerability in the way your internet browser uses this technology. Theoretically this means an attacker could take advantage of the bug to steal passwords and other sensitive information which we submit to banks, e-commerce sites and other sensitive locations.

Am I affected by the bug?

You are very likely to be effected by the bug, even if it’s just indirectly. OpenSSL is the most popular tool used to encrypt traffic on the internet and is used by 66% of sites that submit secure information.

What can I do about it?

Respected security expert Bruce Schneier is on record as saying the flaw is “catastrophic”. Despite this, you shouldn’t panic. Here are some key steps to follow:

  1. Check the encrypted websites you are using – Anytime you use sites such as banks, credit card providers, online retailers and email providers – exercise caution. Most of the big ones have patched the problem already or will be communicating with their customers to keep them up to date. If you’re unsure, Mashable has a useful guide and you can also use this tool to check individual sites.
     
  2. Ensure your passwords are varied and secure – A solid rule which many of us fail to adhere to is making sure you’re not using the same basic password for all your online services. Now may be a good time to look into using a password manager such as Last Pass.
     
  3. Follow the advice of your providers – The chances are the services you are already using are well aware of the issues and are putting steps in place to fix them. Keep an eye out for email communications which may give you instructions on what you should do next.

The big question: Should I change all my passwords?

With all the alarmist newspaper headlines and talk of catastrophes there’s the temptation to rush around changing the password for every single online service you’ve ever used. We’d err on the side of caution.  Whilst it is always a good idea to change passwords, it may be best to wait until you’re sure the bug has been fixed on particular sites. Changing it now could reveal both old and new passwords to any would-be attacker.

Want to know something else? We’re happy to answer any further questions on Twitter.