April 20, 2014 in City

BBB Tip of the Week: Heartbleed bug

 

The Internet is abuzz with news of the Heartbleed bug. And for good reason.

The vulnerability gives hackers a free, though limited, look at a Web server’s activity, which can include account passwords and the site’s security key. Many experts say that approximately one-third of all websites were using the code that contained the vulnerability. However, experts also doubt that hackers have been aware of the bug for the last two years it has been in existence.

Many sites have already patched their servers and reissued their security certificates, also called SSL, to ensure safe and secure browsing. CNET, a consumer technology website, is tracking patching progress of the top 100 websites, or if they were affected, at www.cnet.com/how-to/ which-sites-have-patched-the-heartbleed-bug.

You may have been urged to quickly change all of your passwords, but it is important to change them after websites have fixed the vulnerability. The Better Business Bureau offers the following suggestions for keeping your accounts secure:

• To check if a website is still vulnerable, use a Heartbleed checker like the ones from McAfee, tif.mcafee.com/heartbleedtest, or LastPass, www.lastpass.com/heartbleed.

• Once you’ve verified that the website was not affected or has fixed the bug, change your password to a strong, unique one.

• Consider secure storage of your passwords with an online password manager. Password managers encrypt and store all of your complex passwords, so you only have to remember the one password for the manager software.

• Beware of phishing emails taking advantage of Heartbleed. Such emails claim to be from well-known websites and ask you to click a link to change your password. Instead go directly to the website in question and follow the above tips to keep your account secure.

For more tips you can trust, visit the BBB online at www.bbb.org or call (509) 455-4200.

By Erin T. Dodge, BBB editor

Get stories like this in a free daily email


Please keep it civil. Don't post comments that are obscene, defamatory, threatening, off-topic, an infringement of copyright or an invasion of privacy. Read our forum standards and community guidelines.

You must be logged in to post comments. Please log in here or click the comment box below for options.

comments powered by Disqus