Latest in Amazon

Image credit:

How to avoid heartburn, er, Heartbleed

Share
Tweet
Share
Save

Sponsored Links

Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least initially) but protecting yourself isn't quite as easy as changing your password. Unlike past exploits, Heartbleed isn't a database leak or a list of plaintext logins; it's a flaw in one of the web's most prevalent security protocols -- and until its fixed, updating your login information won't do a darn thing to protect you. What, then, can you do to protect yourself? Wait, watch and verify.

Updating your password is a must, but only after your favorite services have patched their servers to block the Heartbleed exploit. Fortunately that's relatively easy -- the open-source SSL encryption software the bug affects has already been updated with a new, secure version. Vulnerable sites need only to upgrade to the latest version of Open-SSL to protect their users. Although some companies will notify users that their services have been patched (like Google did), not all of them have or will. That means you need to be aware of which websites were vulnerable to the bug and routinely check them to see if they're back on track. Don't worry, that's not too difficult either. Sites like GitHub and Mashable have already compiled lists of popular websites, services and social networks, noting if they were affected at the time of Heartbleed's discovery, and in some cases, if they've been patched. You can check manually, too: concerned coders and even some companies have made tools available to help you suss out sites that are open to attack. Coder Filippo Valsorda has created a Heartbleed checker and the folks at LastPass have a similar tool -- either or both will update you on the status of a site's security certificate. If it comes up clean, you're safe to change your password.

Of all the exploits we've seen over the past few years, Heartbleed is certainly the biggest nuisance. Not only is it widespread enough to worm its way into some forgotten nook of your digital past, but it's been lying under our noses for two years. Still, there's no need to panic: just wait for your favorites services to patch the bug, watch for announcements from sites you might use and verify their security using freely available tools. Once that's all done, change your password, write it down and breathe easy.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share
Save

Popular on Engadget

Google is ending support for the Explorer Edition of Glass

Google is ending support for the Explorer Edition of Glass

View
Despite the HQ2 debacle, Amazon will add office space in Manhattan

Despite the HQ2 debacle, Amazon will add office space in Manhattan

View
Apple plans software fix for 16-inch MacBook Pro 'speaker popping'

Apple plans software fix for 16-inch MacBook Pro 'speaker popping'

View
Elon Musk wins defamation trial over ‘pedo’ remarks

Elon Musk wins defamation trial over ‘pedo’ remarks

View
‘Reno 911!’ is coming back as a Quibi exclusive

‘Reno 911!’ is coming back as a Quibi exclusive

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr