The Heartbleed vulnerability - otherwise known as CVE-2014-0160 - is one of the most serious security flaws ever to emerge. Its impact has yet to be fully assessed and, given that it has gone undetected for two years, it is likely that we will never know exactly how much damage its responsible for. To stop yourself from becoming one of the victims, here are five things you need to do now to save yourself from Heartbleed.
1. Check whether websites or services you use are safe
Most big websites such as Google or Amazon can be considered safe. There is a continually-updated list of vulnerable websites currently sitting on GitHub. The initial leaderboard has 10,000 websites obtained from Analytics company, Alexa. While the BBC and Apple are not at risk, others like online retailer Farnell or PR website, Cision, were still vulnerable at the time of writing. You can check individual websites for the Heartbleed vulnerability using this online service.
2. Don't panic
There's no need to buy additional security package if you already have a decent, recently updated antivirus suite. There will inevitably be scams that aim to capitalize on the uncertainty surrounding Heartbleed, but don't let concerns about one vulnerability lead you to expose yourself to something even more malicious. Only 600 out of the top 10,000 websites on the web are vulnerable and that number is decreasing by the hour.
3. Change your password
You should change your password regularly anyway. But make sure that you do that after the service or site has been updated, otherwise your new passwords will be exposed too. Check out our tutorial on how to make your passwords more secure. If you're a business owner, you might want to evaluate security across your company at the same time.
4. Keep a close eye on your online transactions
Your personal details could have already been compromised given that knowledge of the bug was already in the wild for a few days already. While it might be too late to take preventive action, you should still check your bank accounts regularly - this is where criminals are likely to hit first. If you haven't already done it, we strongly advise you to enable two-step authentication which is an additional obstacle for hackers and often requires some sort of physical interaction.
5. Demand action
As a consumer, it is only fair to know whether your data is securely stored or whether websites you visit have been properly patched. So, ask online retailers or services you use whether they have taken remedial actions to eradicate the Heartbleed bug.