The Internet is abuzz with news of the Heartbleed bug. And for good reason.
The vulnerability gives hackers a free, though limited, look at a Web server’s activity, which can include account passwords and the site’s security key. Many experts say that approximately one-third of all websites were using the code that contained the vulnerability. However, experts also doubt that hackers have been aware of the bug for the last two years it has been in existence.
Many sites have already patched their servers and reissued their security certificates, also called SSL, to ensure safe and secure browsing. CNET, a consumer technology website, is tracking patching progress of the top 100 websites, or if they were affected, at www.cnet.com/how-to/ which-sites-have-patched-the-heartbleed-bug.
You may have been urged to quickly change all of your passwords, but it is important to change them after websites have fixed the vulnerability. The Better Business Bureau offers the following suggestions for keeping your accounts secure:
• Once you’ve verified that the website was not affected or has fixed the bug, change your password to a strong, unique one.
• Consider secure storage of your passwords with an online password manager. Password managers encrypt and store all of your complex passwords, so you only have to remember the one password for the manager software.
• Beware of phishing emails taking advantage of Heartbleed. Such emails claim to be from well-known websites and ask you to click a link to change your password. Instead go directly to the website in question and follow the above tips to keep your account secure.
For more tips you can trust, visit the BBB online at www.bbb.org or call (509) 455-4200.
By Erin T. Dodge, BBB editor