Five Things You Need to Know about Heartbleed

Bleeding Heart flowers

Bleeding Heart flowers

Internet Security.  Wait! Don’t click away just yet.  Does this sound boring?  Or overwhelming?  I promise, this will be fairly painless – and useful.  If you’re reading this during Spring/Summer 2014 it’s relevant because of the “heartbleed” online security bug you’ve all heard about.  If you’re reading this a year from now, the basic security tips are general enough to still make sense.

The short story and what to do next:

  1. “Heartbleed” is not a virus.  It is a software bug, a vulnerability that can release data never intended to be released to whoever is asking.  It doesn’t specifically go after passwords, although that is the information the hackers want.  It releases random data, which could include passwords and/or sensitive data.
  1. Your online bank accounts are almost certainly not affected (check with your bank).  (Want to know why? Keep reading, the geek details are at the end.)  I tell you this so you don’t throw up your hands in frustration and decide managing passwords is too hard, and nothing makes any difference anyway.  If you have good passwords for your online bank/finance accounts and you don’t share those passwords with, say, Facebook (you don’t, do you?), those are probably okay.
  1. Your social media accounts are mostly affected, so change your Facebook and Twitter passwords.  LinkedIn says they are okay, but my guess is your LinkedIn password matches your Facebook and Twitter passwords, so yes, it will have to be changed too.  Same for Pinterest and Instagram, etc.  And e-mail.
  1. Yes, your e-mail passwords are vulnerable and will have to be changed.  Can you feel your blood pressure rising?  This gets a little more complicated because you probably get e-mail on your smart phone and tablet, not just on your computer.  Take a deep breath.  Just remember it will have to be updated on all devices.  Don’t change it until you can make all the updates at once.
  1. There’s one more account you should check on (okay – you have a million other accounts, we’ll deal with those later).  If you are a consultant or business owner, check your website backend.  You have a logon account for your domain host – the group you pay to keep your website online – and it has a password.  But check with the host company, to see how they’ve addressed this; they may not have a bug fix in place yet – or they may not have been vulnerable at all (they probably are, though).Heartbleed with Binary Code and Password Text

The conventional wisdom is to Change All Your Passwords “just to be safe”.   And of course this is good advice; password changes always improve your security.  But I know many of you will decide this is too much trouble and change nothing.  Let’s at least deal with the accounts most important to you and your business.

This little cartoon by XKCD describes the Heartbleed bug perfectly and succinctly.  Remember the bug cannot specifically go after passwords and sensitive data, but it is widespread enough that it will find some passwords and sensitive data in the random mix of data it captures.  Especially now that it is so well published; hackers all over the world will be hammering servers to take advantage of those not yet fixed.  Additional note: why aren’t all online accounts vulnerable?  Remember this is a software bug, not a virus.  If your bank (or whoever) doesn’t use this specific software program (called OpenSSL), they don’t have the bug and therefore have nothing to fix, although they may still recommend a password change.

For those ready to explore what it takes to set up your own independent entity, check out WICademy: Consulting 101.  This is an interactive video conference series exploring how to “set up shop” taught by members of the non-profit Women In Consulting.  These experienced business owners will be sharing their and expertise to help launch the next set of successful “independents”.  It starts May 1, 2014.  To learn more about the course, visit http://bit.ly/1dh9P6R
jeannieshea@baytobaytech.com' About Jeannie Shea

I'm a computer technician and trainer, and I specialize in helping small business owners and consultants manage their technology, whether in person, by telephone or through remote computer access. We offer quick-access solutions and quarterly service contracts to our regular clients. Our goal: less tech frustration and more happy clients!

Speak Your Mind

*

Help us fight SPAM * Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow by Email
LinkedIn
Share
Twitter
Visit Us
Follow Me
Women In Consulting Blog