Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Servers

    Heartbleed SSL Encryption Flaw: 10 Ways to Minimize the Threat

    By
    Don Reisinger
    -
    April 10, 2014
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      PrevNext

      1Heartbleed SSL Encryption Flaw: 10 Ways to Minimize the Threat

      1 - Heartbleed SSL Encryption Flaw: 10 Ways to Minimize the Threat

      by Don Reisinger

      2Know the Affected Sites and Steps They’re Taking

      2 - Know the Affected Sites and Steps They're Taking

      It’s estimated that the Heartbleed flaw has affected at least 600 of the world’s most popular 10,000 sites. Millions more of lesser-known sites are also affected. The first step in staying secure in the face of the threat, therefore, is knowing which sites are most at at risk and staying up on when and how they’ve addressed the issue.

      3Don’t Log In to Any Affected Sites

      3 - Don't Log In to Any Affected Sites

      While it’s impossible to keep track of all the potentially affected sites, it’s advisable to not even consider logging in to them until those companies know for sure that their servers are safe. Upon logging in to the systems, the servers are pinged and it’s possible hackers will take notice and steal sensitive information. Stay away. Stay far, far away.

      4Don’t Trust the All-Clear

      4 - Don't Trust the All-Clear

      Some sites have said that they have addressed the problem, only to turn around and discover that their “fixes” were only partial. Although some sites might give the all-clear, it’s a good idea to wait and see over a period of a few days after that to determine if that’s actually true.

      5Be Careful About Browser Cookies

      5 - Be Careful About Browser Cookies

      There are some indications that the Heartbleed flaw extends to Web browsing. According to security experts, the flaw can track surfing cookies. So, in addition to logging into sites, folks that even go to affected pages might fall victim to the threat through the cookie flaw. The Imgur Website recently acknowledged the cookie flaw to the news media, saying that it invalidated tokens on cookies “to be on the safe side.”

      6Prepare, but Don’t Immediately Implement, New Passwords

      6 - Prepare, but Don't Immediately Implement, New Passwords

      Heartbleed has also brought to the fore the question of password security. Now that we know that sites might have been compromised and user data stolen, companies are urging users to reset their passwords. However, until you know for sure that the particular site is out of the woods and fully secure, don’t actually change the password. After all, if the site is still vulnerable, the new password will be stolen.

      7Embrace Two-Factor Authentication

      7 - Embrace Two-Factor Authentication

      Much has been made about the inconvenience of two-factor authentication, but it’s high time more people and companies embrace the idea. Two-factor authentication means that in addition to logging in to a site with a username and password, users would need to verify their identity through another product. In many cases, that means sending a code to a mobile phone on file. Two-factor authentication isn’t a security panacea, but it helps improve overall security.

      8Stay Away From Small Sites

      8 - Stay Away From Small Sites

      Although Heartbleed is starting to become more known in the security community, there’s a good chance that small businesses affected by the flaw won’t know anything about it or won’t know how to deal with it. Realizing that, it might be a good idea to contact local small firms you do business with online to see if they’re affected. If they don’t know, keep away. If they say yes, wait for them to verify their security. Big companies tend to move far more quickly on these kinds of flaws than smaller firms, so keep that in mind.

      9Apply Pressure on Web Companies to Set Things Right

      9 - Apply Pressure on Web Companies to Set Things Right

      One of the great things about the Web is that the collective efforts of its users can institute change in companies. That’s especially the case when security issues affect users. So, rather than sit back and wait to see what happens, consider speaking out on forums, heading over to Reddit to join the people worried about this flaw, and send notes directly to companies through email and social media, urging them to quickly address the security problems. Heartbleed is a major issue that must be addressed now.

      10Stay Up on the News

      10 - Stay Up on the News

      The worst thing to be is uninformed whenever security issues break out. Be sure to stay up on the news surrounding Heartbleed and see if anything has changed, gotten better or become worse. The more the average person knows about a particular security flaw, the less likely they are to be affected by it. Keep that in mind.

      11Stay Off the Web for a Few Days if Possible

      11 - Stay Off the Web for a Few Days if Possible

      Some security experts have taken the concern over Heartbleed a step beyond the standard recommendations. Those experts have suggested that users stay off the Web for the next few days to see how Heartbleed’s discovery plays out and how companies respond. The very act of being on the Internet puts users at risk, those experts say. So it’s better to keep away than try to dance around the potentially dangerous sites. It might sound severe, but it might also make some sense.

      PrevNext

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.