This week it was revealed that there is a major flaw out there on the Interwebz that potentially affects 2/3 of all web sites. That seems like a big deal, and it is: according to InternetLiveStats.com there are over 938,000,000 websites, so the Heartbleed Bug could affect over 600 million web sites. That includes the world of Google, Yahoo, eBay, Internet Banking, Twitter, LinkedIn, Facebook and basically any other website that uses the LAMP Stack and leverages the OpenSSL standard for generating security certificates.
I generally never really took much stock in increasing my Security Posture when it came to my online life. I reset my passwords on a regular basis and tend not to surf to unreliable sites or download things that are questionable, but this latest flaw had me really, really thinking, and after listening to This Week in Google on T.W.I.T TV last night before bed I took some precautions to protect myself and the things that are important to me:
- Installed LastPass – a Password Manager that lets me tie all my passwords to an encrypted connection. I installed it on EVERYTHING that I own so that I can control my future and as my online presence doesn’t seem to be getting any smaller, the number of passwords that I need to try to remember is growing exponentially, so logging in once makes my life a whole lot easier!
- Enabled all the browsers that I use to check for SSL server certificate revocations. In Google Chrome this is located in Settings => Advanced Settings; then check the box under HTTPS/SSL for "Check for server certificate revocation".
- Log out of all sites when I move on…no more staying logged in to Facebook or just closing the browser on my Banking Sites…I am actually logging out each time!
These two things do not alone give anyone 100% protection, but I have also taken the time to update all of my passwords and made sure that I have used a VERY STRONG authentication for every one of them using http://passcreator.com/ and then connecting the new passwords (I ran through the tool 15 times and then randomly visited all of the sites that I have log in credentials for) to LastPass.
The scariest thing about Heartbleed is that it has been a known flaw for the past 2 years, which means our personal data has been at risk for more than 750 days and we just didn’t know. While the flaw had the potential to do damage to everything from your credit rating to your personal reputation (and online persona) by being able to scrape plain text usernames and passwords stored in the memory of unpatched web servers, the risk overall is fairly minimal as long as you now take the time to protect yourself moving forward.
Cheers and Safe Surfing!