Tuesday, April 22, 2014

Too Much Misinformation About Heartbleed

For more than a week, Heartbleed -- an internet security bug (flaw) -- has received a lot of attention because, it puts the passwords of billions of Internet users at risk.  Essentially, if the "criminal minds" among us are tech savvy enough to take advantage of this flaw, they could watch everything you type on a login screen; including the password that you previously thought was secured.  So, the general advice out there is that you should log into all of your accounts and change your passwords.  That way, any unwanted observer of your now unsecured login can't follow you back into your account; once you've logged off. That information is both right and wrong at the same time.

What's wrong is that, if a site doesn't patch the bug before your next log in, your password is again at risk and must "again" be changed.  So,  how do I know if a site is Heartbleed protected?

Well, many  have already patched or fixed their vulnerability and have modified their login screens to indicate that fact.  But, even if they do or don't, the biggest names in network security -- Norton, Symantec and McAfee -- have free online webpages that will "test" any login screen for the Heartbleed vulnerability. Those sites are as follows:
Personally, I prefer the Norton test. I've experienced some errors with the other two.

So, go ahead and change your passwords.  But, before you log in again, do the test.  If the site fails, then either don't log in at that time or, if you must, change your password again before you leave.

No comments: