Latest in Amazon

Image credit:

How to avoid heartburn, er, Heartbleed

Share
Tweet
Share
Save

Sponsored Links

Don't change your password. It's strange advice to hear when the so-called Heartbleed bug is leaving databases all over the web open and exposed, but it's applicable. Yes, security has been compromised for many of your favorite websites and services (including Google, Flickr and Steam, at least initially) but protecting yourself isn't quite as easy as changing your password. Unlike past exploits, Heartbleed isn't a database leak or a list of plaintext logins; it's a flaw in one of the web's most prevalent security protocols -- and until its fixed, updating your login information won't do a darn thing to protect you. What, then, can you do to protect yourself? Wait, watch and verify.

Updating your password is a must, but only after your favorite services have patched their servers to block the Heartbleed exploit. Fortunately that's relatively easy -- the open-source SSL encryption software the bug affects has already been updated with a new, secure version. Vulnerable sites need only to upgrade to the latest version of Open-SSL to protect their users. Although some companies will notify users that their services have been patched (like Google did), not all of them have or will. That means you need to be aware of which websites were vulnerable to the bug and routinely check them to see if they're back on track. Don't worry, that's not too difficult either. Sites like GitHub and Mashable have already compiled lists of popular websites, services and social networks, noting if they were affected at the time of Heartbleed's discovery, and in some cases, if they've been patched. You can check manually, too: concerned coders and even some companies have made tools available to help you suss out sites that are open to attack. Coder Filippo Valsorda has created a Heartbleed checker and the folks at LastPass have a similar tool -- either or both will update you on the status of a site's security certificate. If it comes up clean, you're safe to change your password.

Of all the exploits we've seen over the past few years, Heartbleed is certainly the biggest nuisance. Not only is it widespread enough to worm its way into some forgotten nook of your digital past, but it's been lying under our noses for two years. Still, there's no need to panic: just wait for your favorites services to patch the bug, watch for announcements from sites you might use and verify their security using freely available tools. Once that's all done, change your password, write it down and breathe easy.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Pocket Casts will give existing desktop customers Plus for life

Pocket Casts will give existing desktop customers Plus for life

View
Verizon will bring its 5G network to NYC on September 26th

Verizon will bring its 5G network to NYC on September 26th

View
Switch Lite review: The best way to play on the go

Switch Lite review: The best way to play on the go

View
Amazon plans to hit Paris climate change goals 10 years early

Amazon plans to hit Paris climate change goals 10 years early

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr