How has this been going on for two years? Well, Heartbleed made it past the quality assurance tests, deploying itself across the Internet, allowing hackers to potentially steal sensitive data wherever is vulnerable enough. Good news is, chief security strategist Richard Bejtlich from FireEye, a network security company, recently expressed “there’s no evidence that malicious hackers have exploited the flaw yet”. Unfortunately, “yet” is the word providing us with a continual flow of skepticism, and paranoia during this attack. In fact, you can thank Tor Project, an anonymous Internet browsing facilitator, for stirring the pot a bit. Tor recommended, “If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle”.
1. Who is affected: In order to check if you are using OpenSSL, a couple things stick out. One, websites you access show an “https” address. Two, a lock appears next to the address, indicating you’re on OpenSSL. Yep, this does imply you are on OpenSSL a lot.
2. Test to see which sites are vulnerable: This link from LastPass is a good tool for checking if a website you use has resolved the issue.
3. VPNs: If you have one, use it. It is “fairly safe”.
4. Change your passwords: Do this only if you know the website is now secure. “If the website is still vulnerable, changing the password will not accomplish anything. The hacker could potentially view your newly created password, too”. Also, be especially clever in what you change your password to. No more “Password1234” (no one should have been doing that anyways).
Websites such as Google, Amazon, and Yahoo have apparently identified the issues and secured their websites. Major lists of banks, apps, games, search engines, and more are consistently being updated in regards to their vulnerability status. This is most definitely a fight for our security and our privacy, most importantly “our freedom to communicate”. All we can do now is take the steps suggested for us. In the end, we are all tangled together online. Something like this was bound to happen in a weakness such as that.