Heartbleed – What to do and what not to do

OpenSSL-Heartbleed-vulnerability-CVE-2014-0160HeartBleed

What is it?

Heartbleed is the name that has been given to an extremely dangerous vulnerability in OpenSSL. OpenSSL is a protocol used on about two-thirds of the world’s websites including the FBI’s site, probably your bank’s website and your internet service providers servers. There has been vulnerability in this protocol for the last two years that allows hackers to access information being transferred to and from compromised websites and your computer. OpenSSL is also used in many routers – the devices that transfer data all over the internet. You probably have a router sitting on your desktop – it’s your connection to the internet.

What to do

Avoid secure internet transactions. Go to your brick-and-mortar bank location to do your banking. Do your shopping in person, not online. When your bank or other institutions notify you to change your password, change your password. If your internet service provider notifies you that you need to do something with your router, do it immediately. However, they will most likely be able to update your router without your involvement.

Last week the world was notified of this vulnerability. This means that all the hackers that were not aware of this vulnerability are now aware of it. You can be sure that they are now attempting to exploit this vulnerability. This is the absolute most dangerous time to engage in online commerce until this vulnerability has been removed. You can, however, test websites for this vulnerability at http://filippo.io/Heartbleed/. Be aware, however, that this is not an absolute guarantee of safety. If your router or other routers in the circuit are compromised, your data could still be at risk.

Because your data has been exposed for the last two years, you should contact Kathleen Hjort immediately or visit her website at www.kathleen76.legalshieldassociate.com and get identity theft protection. Legal Shield’s identity protection is the only service that will restore your identity for you in addition to providing alerts.

What not to do

DO NOT change your passwords online until you have been notified to change your password by the company or you have determined that the site is secure. This vulnerability does not give hackers access to data stored on servers – only data being transferred between your computer and the website. Hackers probably do not have your username and password now; if you go online and change it before the website has been updated, the hackers will be able to capture your username and password.