Over the past decade, hundreds of millions of people have put their trust in the online world. Nowadays, without blinking an eye, we do our banking online; pay bills; buy gifts; sell books; played interactive games with people who live thousands of miles away; become avatars and even date/marry online.
The options are endless these days – anything you want or need can most likely be found on the Internet. Many of us are trying to take the necessary precautions as well: we have anti-virus software so that spam and emails with malicious links can’t pass through our home and work firewalls. We trust our banks since they are password protected and we are willing to send Target, Gap, Wal-Mart and other retailers our credit card data, secure in the knowledge our card numbers are safely encrypted.
What is Heartbleed?
And then our confidence was shaken. A few weeks ago, a vulnerability called Heartbleed was found in the in the popular OpenSSL cryptographic software library – and for a few days, while IT professionals scrambled to fix what could be dent in the cybersecurity armor of the Internet – people were very nervous about the security of encrypted software on millions of Web sites. According to Heartbleed.com, “This weakness allows the stealing of protected information, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”
To fix this vulnerability, Heartbleed.com released a Fixed OpenSSL that is helping financial institutions as well as medical facilities and online retailers to ensure the safety of their online customers.
The Department of Homeland Security posted information on Heartbleed as well – trying to calm millions of shattered nerves: “While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems. That is why everyone has a role to play to ensuring our nation’s cybersecurity. We have been and continue to work closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.”
While cybersecurity will always be an ongoing risk, there are steps you can take to protect yourself against these threats.
The following are tips from the Department of Homeland Security to help you protect your online IDs and passwords:
- Change Passwords: According Homeland Security, “Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.” (And use long, difficult passwords – don’t just use your birthday, ‘Password 123’ or your dog’s name – too easy to hack).
- Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages, says Homeland Security.
- Look for HTTPS: After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.