Heartbleed, Heartburn, and You
The startling and disheartening news about the recently discovered Heartbleed Internet security vulnerability no doubt has you wondering, “What should I do? What can I do to protect myself and my data?” The answer is, “Change your passwords for the affected sites. But not necessarily immediately, and not all at once.” Why not immediately? Because the vulnerability affects a wide range of servers across the entire Internet, and not all of those affected servers have been patched—changing your password on an unpatched server simply means that your new password may be purloined just as easily as your old one. Instead, you should avoid logging in to unpatched sites and servers until they are patched, and change your password at that point. The TidBITS article The Normal Person’s Guide to the Heartbleed Vulnerability provides several links to help you figure out which servers are vulnerable and which have been patched, and provides guidance about what you should do to protect yourself and when you should do it.
Eventually, of course, you will have a bunch of passwords to change.
If you use password-management software, such as LastPass or 1Password, that software can help you with that unwelcome but essential task. (AgileBits, the developer of 1Password, has posted an Updating Your Site’s Password guide to help you with your labors.) Browse safely, my friends.
Posted by Michael E. Cohen (Permalink)