Tuesday, April 15, 2014

HeartBleed - The Least You Need To Know

I've gotten several questions about the HeartBleed bug, so here's the least you need to know:
  1. This is a serious security breach.
  2. It is unlikely that your personal information will actually be exploited.
  3. You should change all your passwords over the next week or so.

If you're still reading, here are a few more details:
  1. While this security breach is serious (it affect 2/3 of all servers on the internet), it appears to not be as bad as initially thought. (Bruce Schneier, a leading security expert,  called it an “11 out of 10”, but has since dialed it back a bit.)
  2. The bug has been in the wild for over 2 years, but there is no evidence of exploitation. And any hacker that utilized it would end up getting somewhat random data that may or may not contain unencrypted passwords and other user information. So the likelihood of your personal information getting both exposed AND exploited are fairly small.
  3. This is a perfect excuse to switch over to a password keeper (I use LastPass), and use that to generate new strong, random passwords for all the web sites you use the next time you visit them. LastPass is great, because it will synch up across devices - you only need to create and remember one strong master password.

If you're STILL reading  and want to learn more, here are some helpful links to learn more about HeartBleed (ranging from basic to highly technical):

And here are some of the leading password keepers services / apps:

Finally, if you any of the major ecosystems, you should really consider turning on 2 factor verification:
I hope you found this information helpful - please leave a comment if you have further questions. Share & Enjoy!