5 rules of using internet after "HeartBleed"
You know the lock icon that pops up next to URLs to tell you a website will keep your information safe? It turns out it has actually left your private data unsecured for more than two years.
What’s more, any attacks let in due to the bug can’t be traced, experts say. This is a gaping security hole with “epic repercussions,” director of security firm AlienVault Labs Jaime Blasco says, even if you’re starting to become numb to all the data breaches of late.
Here are 5 rules for using the Internet after Heartbleed.
1. Trust no one
Run the websites you have accounts with through tools like the Heartbleed test to see if they’re vulnerable or if the security gap has been patched before logging on. The page is fielding about 4,000 searches a minute, Milan-based freelance developer Filippo Valsorda said. Download the Chrome browser extension, Chromebleed, to receive notifications when you land at a website that hasn’t fixed the problem yet. “In computer security, you never know when there’s going to be a vulnerability,” says Joost Bijl, marketing manager at the security firm Fox-IT.
2. Change your passwords and use two-step verification
‘Heartbleed’ bug threatens sensitve data, and more
Website companies are racing to fix a major security flaw caused by a software bug called Heartbleed. Goldman Sachs mulls closing its dark pool, Sigma X. 20 hurt in Pennsylvania school stabbings.3. Be wary of public Wi-Fi networks
Turn off the setting that autoconnects your smartphone to public Wi-Fi networks, which can be exploited by malicious hackers. Airport and hotel Wi-Fi connections are convenient, but experts say these unsecured connections leave you open to attacks. When you do use them, set up a virtual private network to secure your Internet traffic. There are some free VPN services, though many charge monthly rates.
4. Monitor recent account activity
Some companies, like Google, offer email activity reports that show where and when an account was accessed. On Gmail, click on the small “details” button at the bottom of your inbox for a report complete with timestamps, maps and IP addresses. If a timestamp doesn’t match up with your usage, change your password (and remember rule No. 2, two-step verification).
5. Install all the annoying security updates and read the alerts
Everyone’s guilty of snoozing the prompts to install a security update and reboot, or ignoring an alert message to get to a Web page. These updates guard your computer from malware and other threats, and also fix any security gaps that might have gone undetected when you first downloaded software. If a security alert pops up on a familiar website, users sometimes ignore the notice and hit accept to move on, but can get caught in what are known as “man in the middle” attacks where a hacker eavesdrops on communications. “Users really don’t care and usually they don’t read those messages,” Blasco says. “Please read the messages and try to understand what you’re doing before you really make a mistake and your data can be compromised.”
source: MarketWatch.com
For more info about "HeartBleed" visit: www.heartbleed.com
To check whether your server is affected by this bug click here.
Comments
Post a Comment