Our weekend has been ruined by the eruption of huge, extensive security flaw called Heartbleed which brought down the technology most responsible for protecting the transmission of our online data, the SSL protocol.
Heartbleed is a vulnerability which came into existence from an accidental coding mistake in the OpenSSL encryption system, the open-source implementation of SSL.
Fresh reports suggested that the National Security Agency has been aware that the bug is in existence for more than two years now, yet, remained mum on the vulnerability in the name of, well, national security. Intelligence gathering. The NSA is believed to have exploited the bug for gathering intelligence, obtaining passwords and other confidential data, even if that means leaving millions of ordinary users vulnerable to widespread attacks from hackers.
How do we protect our credentials then is inevitably hard to answer. But there are first aids to mitigate the risks at any length.
Constantly change your passwords
The security bug is particularly alarming because it affects the encryption technology used by online services such as bank websites and email service providers that process our most sensitive online information, including usernames, passwords, emails, Social Security, bank account and credit card numbers.
Researchers recommend that we change our password for each online service that could have been potentially affected by Heartbleed. Only do this when the compromised service has made the necessary patch to its servers and successfully pulled down the bug. It is no use, however, if you changed your password but the business’ servers have not yet been fixed: you are only getting yourself into another trap.
Wait for advice from your service providers
Another helpful, but discomforting thing that you can best do at the moment is to wait for advice from your service providers such as anti-virus software, email provider and banks whether their servers have been affected and remedied.
Apple just notified its customers and users that the iOS and OS X operating systems were free of the vulnerability. Facebook also said it did not notice any indications of suspicious activities within its network. Instagram, Pinterest, Tumblr, Google, Yahoo, Amazon Web Serivces, Netflix, Dropbox and GitHub are among the companies affected by the bug.
Use a public server scanner to investigate
To find out if a website that you frequently visit has been infected, McAfee provides a tool for scanning the presence of Heartbleed on a public server, though the result is not as accurate as your expectations go.
It should be made clear that Heartbleed is only an encryption error. It cannot be mended by simply running an anti-virus software. The best thing that companies can do is to upgrade their OpenSSL to the newest version in order to protect users.