Heartbleed affects encryption technology that is designed to protect everyday online accounts and passwords, and any online communication between secure servers.
This security hole has existed for over two years, and the scale of the damage is not yet known, nor will it ever be, as there is no current way to check which data has been compromised.
So with all this happening, and all online services being affected, how can you protect yourself?
Check whether the websites you use updated the fixed version of OpenSSL – Heartbleed created an opening in an SSL/TSL variant, known as OpenSSL. A fixed version of OpenSSL has been released, but it is still up to the individual website owners to put the fixed version into place.
The range of websites affected is also not yet known, but CNET has published a list of several popular websites, indicating their status: http://www.cnet.com/uk/how-to/which-sites-have-patched-the-heartbleed-bug.
CNET’s list indicates that most popular websites have already patched the vulnerability on their website. At the time of the writing of this article, most news websites still show an ‘Be on Alert’ warning, so this suggests not to login to those with your social media accounts (such as Facebook, LinkedIn, Twitter, or Pinterest) as these can still be compromised through those websites.
Change your passwords – After checking that the website has fixed the loophole, update your passwords. Simple passwords are easier to crack. If you use Safari, activate ‘iCloud Keychain’ which will prompt Safari to suggest ultra-secure passwords for you, and save them for you to access anywhere.
Skylight team rolled into action as soon as the news of the bug reached us. We have since reissued our SSL and upgraded our servers. After the server updates, all customers were notified to reset their passwords. If you haven’t yet, please do so now by clicking here.
With the Heartbleed bug being exposed in the media, it increased its vulnerability, as more hackers became aware of its existence.
If you have a website you can check its status by installing the ChromeBleed plug-in for Google Chrome, which automatically checks every site you visit for the bug and warns you. You can install ChromeBleed or you can use online Heartbleed checker provided by Norton.
Stay safe and watch out for the updated OpenSSL patch that fixes the loophole on all the services you and your business uses online!