On Monday night, security researchers reported the discovery of the Heartbleed bug, a serious security flaw affecting the software that encrypts the transmission of private data on many major services, like Yahoo and Flickr. (A snapshot of many vulnerable sites is available on GitHub.) If you use any of these services at work, your concerns aren’t just personal; they’re professional.
Let’s say you have an account with one of these sites, under your own name and credit card information or under your employer’s, and you use it for your job. The Heartbleed bug could expose your employer to fraud or other malicious activity.
Then there’s the productivity issue: it’s hard to concentrate on your job when you’re desperately trying to remember if you had an account on this or that major website, going all the way back to the dawn of the internet. Your time is money, for your boss as well as for you personally.
For now, the best thing to do is to understand how Heartbleed works, and what you can do to protect yourself.
“Heartbleed can reveal the contents of a server’s memory, where the most sensitive of data is stored. That includes private data such as usernames, passwords, and credit card numbers. It also means an attacker can get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”
Fixing the problem involves changes on both ends: the staff at the affected sites will have to change the locks, so to speak, and users will have to change their passwords.
Gizmodo notes that many major services like Amazon, Google, and LastPass are unaffected. Cryptography consultant Filippo Valsorda has created a Heartbleed test, with which you can check individual sites for vulnerabilities. But it’s important to note that a site showing up as “safe” today doesn’t mean it was unaffected by the flaw prior to a fix earlier this week.
In other words, if you use any of these sites, you should definitely update your passwords.