Know Risk is a community education program designed by the Australian and New Zealand Institute of Insurance and Finance (ANZIIF) to improve our understanding of insurance and how it relates to managing the many risks we all face in life.
How to protect yourself from Heartbleed
By now, you’ve probably heard about something called “Heartbleed.” Firstly, it isn’t some kind of super disease that is threatening to kill us all or a congregation of people who have had their collective hearts broken.
Heartbleed is actually a security flaw that affects the most commonly used software for encrypting web traffic (OpenSSL). But what does that mean exactly? OpenSSL is basically a set of security protocols that protect the private information on any number of secure websites across the world. It’s the padlock you see on a website URL that forces you to log in every time you visit it, and Heartbleed is a bug that has left a whopping big hole in the back of it.
Cyber security researchers have warned that the bug could allow hackers to insert a probe into any vulnerable server and suck out all of the data contained within, which includes passwords, usernames, credit card numbers, encryption keys and secure ‘cookies’.
While a recent survey said that Heartbleed could have potentially left around 959,000,000 websites or two-thirds of all websites built around OpenSSL vulnerable to attack, leaving millions of everyday website users at risk, there doesn’t seem to be any sign that a hacker knew about it. Phew.
What can you do about it?
While it is possible your accounts have been compromised, there’s not much you can really do about it yet as it’s up to the companies who run the websites to update OpenSSL and reissue their security certificates.
However, figuring out whether the sites you have accounts for are vulnerable would be a good start.
LastPass has a great resource that checks websites for vulnerability against Heartbleed. Simply type in the website URL and click the button to get a quick report on its vulnerability rating.
The next thing you should do is change the passwords for your email, banking and social media accounts as soon as those sites have fixed the Heartbleed problem (using the LastPass tool will let you know if the sites themselves don’t). Make sure you read our tips on creating a stronger, more secure password for your accounts. As a rule, it’s a really good idea to audit and renew your passwords on a regular basis. Until then, all you can do is wait.
Find some more information on the issue at this Heartbleed FAQ page.