Newspaper article The Christian Science Monitor

Heartbleed: What You Should Do (and Not Do) to Protect Your Data

Newspaper article The Christian Science Monitor

Heartbleed: What You Should Do (and Not Do) to Protect Your Data

Article excerpt

It's likely you have seen the open-source encryption code OpenSSL without realizing what it does. The software encrypts information on websites, such as passwords. Two-thirds of websites are estimated to use the code.

However, cybersecurity researchers now know that the system was flawed. The issue may have gone undetected for more than two years, allowing hackers to run a program, nicknamed Heartbleed, that revealed encryption keys and browser history, offering easy access to passwords and private communication in an undetectable way. After the story broke Monday night, researchers have been scrambling to find a solution that has affected websites as large as Yahoo.

When cybersecurity breaches break, the usual protocol is to change your password and update security software as soon as possible. However, Heartbleed is a bit different. Since the hack is untraceable, it may be impossible to know if your data has been breached. If a website you use hasn't updated its security to fix the problem yet, hackers could grab your password as you change it (without you realizing). Though a new version of OpenSSL that patches the bug has been released, not all websites have updated their systems.

Here's how to keep your information safe online while the Heartbleed situation gets under control.

Check if the websites you use are vulnerable

The scope of the problem isn't yet confirmed, so before entering any sensitive information into a website, double check to be sure it is safe. Use this Web page to check if a website is vulnerable, and if it is, wait until the site has confirmed it has updated its security before you input any sensitive information.

Early monitoring of the situation found that websites such as Yahoo, OkCupid, and Eventbrite were vulnerable, though some have begun making the necessary security fixes. Here is an updating list of websites and whether they are affected. Even if a website is in the clear, use caution while inputting information in the next few days.

Don't rush to change your passwords (but if you really want to, change the important passwords first)

"Security experts suggest waiting for confirmation of a fix, because further activity on a vulnerable site could exacerbate the problem," CNET found. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.