Heartbleed SSL Encryption Flaw: 10 Ways to Minimize the Threat

Written by Don Reisinger
Apr 10, 2014



Know the Affected Sites and Steps They’re Taking

It’s estimated that the Heartbleed flaw has affected at least 600 of the world’s most popular 10,000 sites. Millions more lesser-known sites are also affected. The first step in staying secure in the face of the threat, therefore, is knowing which sites are most at risk and staying up on when and how they’ve addressed the issue.


Don’t Log In to Any Affected Sites

While it’s impossible to keep track of all the potentially affected sites, it’s advisable to not even consider logging in to them until those companies know for sure that their servers are safe. When you log in, the servers are pinged, and it’s possible hackers will take notice and steal sensitive information. Stay away. Stay far, far away.


Don’t Trust the All-Clear

Some sites have said that they have addressed the problem, only to turn around and discover that their “fixes” were only partial. Although some sites might give the all-clear, it’s a good idea to wait a few days after that to see whether it’s actually true.


Be Careful About Browser Cookies

There are some indications that the Heartbleed flaw extends to Web browsing. According to security experts, the flaw can track surfing cookies. So, in addition to those logging in to sites, people who merely visit affected pages might fall victim to the threat through the cookie flaw. The Imgur Website recently acknowledged the cookie flaw to the news media, saying that it invalidated tokens on cookies “to be on the safe side.”


Prepare, but Don’t Immediately Implement, New Passwords

Heartbleed has also brought to the fore the question of password security. Now that we know that sites might have been compromised and user data stolen, companies are urging users to reset their passwords. However, until you know for sure that the particular site is out of the woods and fully secure, don’t actually change the password. After all, if the site is still vulnerable, the new password will be stolen.


Embrace Two-Factor Authentication

Much has been made about the inconvenience of two-factor authentication, but it’s high time more people and companies embrace the idea. Two-factor authentication means that in addition to logging in to a site with a username and password, users would need to verify their identity through another product. In many cases, that means sending a code to a mobile phone on file. Two-factor authentication isn’t a security panacea, but it helps improve overall security.


Stay Away From Small Sites

Although Heartbleed is starting to become more known in the security community, there’s a good chance that small businesses affected by the flaw won’t know anything about it or won’t know how to deal with it. Realizing that, it might be a good idea to contact local small firms you do business with online to see if they’re affected. If they don’t know, keep away. If they say yes, wait for them to verify their security. Big companies tend to move far more quickly on these kinds of flaws than smaller firms, so keep that in mind.


Apply Pressure on Web Companies to Set Things Right

One of the great things about the Web is that the collective efforts of its users can institute change in companies. That’s especially the case when security issues affect users. So, rather than sit back and wait to see what happens, consider speaking out on forums, heading over to Reddit to join the people worried about this flaw, and sending notes directly to companies through email and social media, urging them to quickly address the security problems. Heartbleed is a major issue that must be addressed now.


Stay Up on the News

The worst thing to be is uninformed whenever security issues break out. Be sure to stay up on the news surrounding Heartbleed and see if anything has changed, gotten better or become worse. The more the average person knows about a particular security flaw, the less likely they are to be affected by it. Keep that in mind.


Stay Off the Web for a Few Days if Possible

Some security experts have taken the concern over Heartbleed a step beyond the standard recommendations. Those experts have suggested that users stay off the Web for the next few days to see how Heartbleed’s discovery plays out and how companies respond. The very act of being on the Internet puts users at risk, those experts say. So it’s better to keep away than try to dance around the potentially dangerous sites. It might sound severe, but it might also make some sense.
