Heartbleed is not the first security breach on the Internet.
As technology advances, the risks to security increase. Hackers revel in the challenge of breaking past the so-called best security measures. The Heartbleed issue is not new; it has been in existence for at least two years, undetected. A coding error opened a hole for hackers to enter, putting protected information at risk.
Securing your personal and financial information may seem overwhelming. Individuals with Anxiety Disorders, namely Obsessive Compulsive Disorder (OCD), may feel an added challenge when developing a plan on how to protect themselves from hackers on the Internet. Ruminations, intrusive thoughts, imagination, and lack of proper information can all become barriers and create greater anxiety.
However, if you take the time to understand the security issues and risks, you can protect yourself for the future. It is not impossible to protect yourself on the Internet. With a few steps and planning you will gain control of your personal security online.
Learning to understand the risks, security issues, software instructions, and how to create a plan to increase your security in the future will empower you. Let’s begin with understanding what the Heartbleed breach is.
What is Heartbleed?
Heartbleed is a security flaw in the software that secures personal information on websites. It is not a virus; rather, it is like a doorway into the back office or file system. This doorway allows anyone with the right software to steal sensitive information like your user name and password.
The software is called OpenSSL. SSL is an acronym for Secure Sockets Layer, a program that acts as a lock on files. OpenSSL is an open-source implementation of SSL and TLS (Transport Layer Security). Both SSL and TLS are security programs that keep your information locked away from prying eyes. The keys that encrypt personal data are accessible through the hole created in the code. The versions of OpenSSL affected are 1.0.1 to 1.0.1f. The non-vulnerable versions are 1.0.1g, the 1.0.0 branch, and the 0.9.8 branch. OpenSSL 1.0.1g was released in April 2014 and fixes the heartbeat breach. Visit the Heartbleed Bug website for a detailed, technical explanation.
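For readers who run their own server, the version ranges above can be turned into a quick check of the text printed by `openssl version`. This is an added example, not part of the original article; the function names and sample strings are constructed for illustration, and it covers only the ranges listed above.

```python
import re

# Finds the version token in text such as "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_openssl_version(text):
    """Return (major, minor, fix, letter) from a version string, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    major, minor, fix, letter = match.groups()
    return int(major), int(minor), int(fix), letter


def heartbleed_status(text):
    """Classify a version string using only the ranges stated in the article.

    Returns "vulnerable", "not vulnerable" or "unknown". A vendor may ship
    the fix without changing the version letter, so read "vulnerable" as
    "confirm with your vendor or a test tool", not as a final verdict.
    """
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unknown"
    major, minor, fix, letter = parsed
    branch = (major, minor, fix)
    if branch == (1, 0, 1):
        # 1.0.1 (no letter) through 1.0.1f are affected; 1.0.1g is fixed.
        # The empty string sorts before "a", so plain 1.0.1 is included.
        return "vulnerable" if letter <= "f" else "not vulnerable"
    if branch in ((1, 0, 0), (0, 9, 8)):
        return "not vulnerable"
    return "unknown"  # a branch the article does not mention


# Constructed sample strings in the style of `openssl version` output.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: {heartbleed_status(line)}")
```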
It is not necessary to understand the technical workings of OpenSSL and TLS to secure your personal information. However, if you wish to read the details and technical issues with keeping you secure on the Internet, see the Resources section.
Odds are the Heartbleed bug affected at least one website you visit regularly. Check to see if a password change is recommended.
What Sites Are Affected?
OpenSSL websites use the prefix of ‘https’ and a picture of a padlock. Websites that use this prefix may include financial institutions, membership sites, social networks, email websites, shopping websites and department stores. The list is extensive. For a complete list of websites affected and updated status, refer to this table by CNET or use the LastPass Heartbleed Checker. Other sites to consider include your banking institutions and anywhere else you have provided your financial information. When in doubt, contact the website and ask if they have upgraded their security measures.
10 Steps You Can Take to Gain Control
Discovering your personal information may be at risk is stressful and frightening. The idea someone may have stolen your information may lead to a paralyzing fear, a sense of hopelessness and ruminations that feel beyond your control. Ruminating on the possible problems and fantasizing about the worst-case scenario are normal responses to feeling threatened. Understanding your triggers, symptoms, and coping mechanisms is an important part of taking back control of the situation.
Take the initiative to secure your information. Follow these steps to help you formulate a plan to protect yourself now and in the future.
(1) Research and collect information to gain a clear understanding of the Heartbleed security issue. Separate fact from fiction. For example, Heartbleed is a bug, not a virus. (See References)
(2) Remind yourself that there is a fix to the problem. You have the control and the tools to take care of yourself and secure your personal information. (See Step 8)
(3) Ask a friend or family member to assist you. If possible, be specific as to what you require and how he or she may be able to help. Having a little support can help make the process feel less daunting.
(4) Create a list of websites where you have provided personal and/or financial information. Review the CNET list of sites that were affected, or use the LastPass Heartbleed Checker to verify if they are vulnerable to the Heartbleed bug. If a site you are concerned about is not listed, contact the customer service center and ask if they have upgraded their security certificates and safety measures. (See References)
(5) Change your passwords at the websites that have updated security measures. Create unique passwords using numbers, letters (caps & non-caps), punctuation and/or special characters. Use different passwords for each website; never use the same one twice. Never use your pet’s or child’s name, birth dates, anniversaries, or other familiar data.
(6) Clear the internet browser history, cache, and temporary internet folder after every use. You can set the internet options to delete this information when you close the browser through the options or tools menu, depending on the browser you use. Keep your browser updated. (Consider using a different browser like Firefox.)
(7) Create a plan to empower you to manage emotions when using the Internet now and in the future (i.e. change passwords every 3 months, clean cookies and Internet temporary folders daily, update security software weekly, etc.)
(8) Consider using additional security resources to secure your computer and secure/create passwords. Use a firewall, anti-virus and password vault program to secure your computer and personal information. (See Security Resources to Consider)
(9) Log out of websites when finished (i.e. financial institutions, membership sites, etc.) When using public internet connections clear cookies and browser history.
(10) Monitor your credit reports and financial statements regularly. Notify your bank of any suspicious activity. Never log into your financial institutions from public computers.
Security Resources to Consider
Never assume the website you are sharing your information with is secure. Consider it your personal responsibility to ask questions, read the fine print, and request clarification regarding the security measures the company has created. Security is a personal responsibility.
Security programs are abundant on the internet. Whether you use the ones recommended in this article or not, you should always read the small print. Educate yourself about the program’s features, tools, and preferences. Do not install any program until you understand the features and the risks.
Security software includes antivirus, anti-malware and anti-spyware, firewall, and password vault programs. Layering your security is recommended. This means installing a firewall and an antivirus program to block possible threats. If you select one of the more advanced antivirus programs you will obtain the added benefit of blocking malware and spyware.
Before selecting your security software, read the reviews and research the programmer or vendor of the program you are considering. Check the compatibility of the program with your operating system and computer hardware, and its ease of use. Read the FAQs before installing.
Password Vaults (Save all your passwords in one place)
LastPass is a free secure password vault. Its tools include team creation for businesses, profile definition, password generation, and storage of personal information, including credit card profiles. LastPass is available as a browser add-on for Internet Explorer, Firefox, and Google Chrome.
1Password is available for Mac, PC, iPhone, iPad, and Android devices. It stores your passwords and other sensitive information in a secure vault. 1Password is a paid subscription.
The primary purpose of anti-virus software is to act as a filter between your computer and the millions of computers linked to the internet. Anti-virus software screens the incoming information for known virus codes. If there is a potential virus, it is either removed or quarantined. There are many anti-virus programs to select from. Following is a list of three of the more popular.
If you are not sure which anti-virus program to use, AV-Comparatives offers a full screening and reports on the latest tests for available security software.
AVG Anti-virus: AVG is free to use with an upgrade to a paid subscription. You can download it from CNET’s download center. The upgrades to AVG incorporate personal data protection and anti-virus, and are more user friendly than the previous versions.
McAfee: a paid program available as an online subscription or on disk. Both types are available for mobile devices, tablets, Macs and PCs. The various options include a SafeKey for storing your passwords and personal data, similar to LastPass. Yearly subscriptions are available. You may select from All Access, Total Protection, or Anti-virus.
Norton’s by Symantec: anti-virus software that, like McAfee, offers a full protection plan to use on all your devices or a stand-alone anti-virus. The options to obtain the program are direct download from Norton’s website or disk purchase. Norton’s does offer a subscription, with one, two, or three year options.
Unsure of which site is secure? McAfee offers an online security test; simply enter the URL of the website and click. Another test site is Filippo’s Heartbleed Server Test. Bookmark these sites to use when visiting a new website or to keep a check on the ones you use all the time.
The Heartbleed issue is another lesson in using the internet. With all the options and ease of use, it is easy to forget there are security problems. A fix is in the works to close the Heartbleed hole. It is available to all software vendors and slowly they are updating their OpenSSL programs.
Keep your security software up to date, change your passwords regularly, watch your financial statements for oddities, and report them to your bank. Use the Heartbleed security test tools to check the websites you use. (See Security Tests above)
You have control in securing your personal and financial data. Peace of mind follows the use of a plan, staying informed, and reaching out to your support system. Managing anxiety and ruminations is integral to taking care of yourself. Review your plan of action to manage your emotions and internet security on a regular basis. If something is not working, change it. Research possible alternatives and utilize your support system.
- Ars Technica: Critical crypto bug exposes Yahoo Mail, other passwords Russian roulette-style
- CNN Wire: Heartbleed bug: What You Need to Know
- Agilebits Blog: 1Password, Heartbleed and You
- Time: How to Protect Yourself against the Heartbleed bug
- LastPass: Security Challenge
- Wikipedia: OpenSSL