Unless you have been living in a cave with no access to the internet for the past couple of days, chances are you have heard a lot about the Heartbleed bug that has plagued some of the most frequently visited websites in the world. The Heartbleed bug is a vulnerability in the OpenSSL cryptographic software library. It lets someone intervene and perhaps steal data that under normal circumstances would have been protected by the SSL encryption.
According to the Heartbleed website, “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
To help patch this vulnerability, a fixed version of OpenSSL has been released and deployed. Several websites have already adopted it and are informing their customers about the same. We have personally already received notification e-mails from Buffer and Pinterest prompting us to change the password of the account after deployment of this patch.
So, even though the patch has been released, we advise you to do the following:
1) Change the passwords of all the services and apps where you have sensitive data
It is imperative that you change the password of every single service, including Flickr, Gmail, Dropbox etc., which may be home to sensitive data that you do not want to be compromised. Even services like Facebook or Tumblr where you may be active socially could have suffered from the bug, so you might as well change the passwords to ensure your account is not compromised. Make sure you enable two-step verification if available.
2) If a service tells you to reset your password, do it immediately
If you have received an e-mail stating that you need to update, change or even reset your password, take it super seriously. Go ahead and change the password promptly, as this is how services make sure your personal data is kept secure.
3) Log out of apps on your smartphones and log in again
It is a good idea to log out of the apps on your phone as it would end the current session and begin a new one when you log in again. You never know who was intercepting the connection and stealing stuff from within your apps. No matter which OS you are on, make sure you log out of the apps and log in again.
4) If you are using Linux on the desktop, update to the latest version ASAP
Ubuntu Linux has been found to be extremely vulnerable to SSL bugs in the past and continues to be so. So, if you are running Ubuntu or any other variant of Linux like Fedora, Mint, Steambox etc., make sure you update to the latest version and install all the updates to keep safe from the bugs.
5) Test for yourself whether a website is vulnerable
There are several tools available online to test if a certain website is vulnerable to the SSL bug. One such tool that we found pretty useful is here. All you need to do is enter the URL of the site or service here and, in case it says that the service is affected, avoid using it till it is fixed.
As always, we hope you are one of the lucky few whose data and information is not affected by this loophole. Still, to be on the safer side, make sure you follow the steps above to be 100% sure. If there is any other step you are taking to be secure, do share it with us by writing in the comments section or connecting with us on our social profiles.
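For step 4, one way to see whether the OpenSSL installed on a Linux machine falls in the upstream release range affected by Heartbleed. This is an added example, not part of the original article: the function name heartbleed_status and the sample version lines are constructed for illustration, and the affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1) comes from the OpenSSL advisory rather than from this page.

```shell
#!/bin/sh
# Classify an `openssl version` line against the upstream Heartbleed range.
#   upstream-affected: 1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1
#   not-affected:      1.0.1g and later; the 0.9.8 and 1.0.0 branches
#                      never contained the bug
# heartbleed_status is a name made up for this example.
heartbleed_status() {
    # $1: full version line, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    [ -n "$ver" ] || { echo unknown; return; }
    ver=${ver%-fips}                       # "1.0.1e-fips" -> "1.0.1e"
    case "$ver" in
        1.0.1|1.0.1[abcdef])           echo upstream-affected ;;
        1.0.2-beta|1.0.2-beta1)        echo upstream-affected ;;
        1.0.1[ghijklmnopqrstu])        echo not-affected ;;
        0.9.*|1.0.0*|1.0.2*|1.1.*|3.*) echo not-affected ;;
        *)                             echo unknown ;;
    esac
}

# Constructed sample version lines (not captured from real hosts).
for sample in \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013" \
    "OpenSSL 1.0.2-beta1 24 Feb 2014"
do
    printf '%-34s %s\n' "$sample" "$(heartbleed_status "$sample")"
done

# Check the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version 2>/dev/null) || local_ver=""
    printf 'local: %s -> %s\n' "${local_ver:-none}" \
        "$(heartbleed_status "$local_ver")"
    # Distributions often backport the fix without changing the version
    # letter, so for "upstream-affected" also look at the build date and
    # the package changelog before concluding the host is still exposed.
    openssl version -a 2>/dev/null | grep -i '^built on' || true
fi
```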