It’s Not Safe to
Go On the Internet
The Heartbleed bug started an Internet panic. And for good reason.
The bug compromised more than two thirds of all “secure” websites, email services, and mobile apps on the Internet. This means those sites and services were not really “secure” at all.
Many businesses have already fixed this security bug. Independent Living is one of them.
If you’re worried about the sites you visit, you can check to see if they’re safe. Just use one of the links below. Enter the web address of the site you want to check on, and see whether it’s safe to visit.
This is big news. And it has huge implications for everyday Internet users like you and me.
To get a better idea of the risks, we need to understand more about the “bug” itself.
Most secure websites use something called “OpenSSL software” to protect user information. But then the Heartbleed Bug was discovered, which isn’t a “bug” at all, but is a programming error within the OpenSSL software itself. This programming error makes any website that uses it vulnerable to malware and cyber criminals.
Because of the Heartbleed bug, your personal information on social media networks could be hacked. The accounts themselves could be hijacked and used to spam your friends and family. Websites where you shop regularly could be compromised. Your financial details could be at risk.
When the news broke last week, many people scrambled to update their passwords and secure their personal information. If you were among them, you may think you’ve secured your accounts against the Heartbleed bug.
But, despite your best efforts, you may still be vulnerable.
Misinformation and Bad Advice
In response to the Heartbleed bug, companies flew into action to secure their online properties. They scrambled to offer assurances to their customers that all was well. Many of them turned to third-party software to detect the Heartbleed bug. This third-party software is able to scan a website to determine its vulnerability to the bug.
Unfortunately, according to Hut3, a security consultancy in London, 95 percent of these tools are flawed. They may scan a site and report—erroneously—that it is unaffected.
Many companies have already claimed their sites are safe, but they’ve based their findings on these unreliable tools.
I urge you to continue to be vigilant. If you shop online, even on sites that claim they are safe, you may still be putting your personal and financial information at high risk.
Here’s how to know which sites are likely safe and which may be a risky proposition:
- If a website states that it does not use OpenSSL, the Heartbleed bug will not affect that site.
- If a website confirms that they have installed a patch to secure it against the Heartbleed bug, that site will be safe for you to visit. (We’ve already installed the necessary patch to protect shoppers on our Survival Pro Shop site, for example.)
- If a website claims it has tested for Heartbleed vulnerabilities and found none, be wary. It is highly likely that they used a faulty tool for testing. Your information may be at risk if you log in or shop there.
Why Changing Your Passwords
Might Not Be Enough
Here’s another problem that you should be aware of. The panic triggered by the Heartbleed bug was widespread. And the cry went out to change your passwords on everything. Immediately.
But if you changed a password for a website before that site was fixed, your new password may have been compromised too, making your information vulnerable even after the site is fixed.
Going forward, I recommend you take a methodical approach. Start with your most critical online activities— banking, accounting, shopping, and anything else where financial information is in play. Visit each site with which you have an account. Check to make sure they have each been updated against the Heartbleed bug. (Keep in mind some may not have been vulnerable in the first place.)
Once you’ve confirmed they’ve fixed the site, log in and change your password.
If you communicate with your place of business through a Virtual Private Network (VPN), avoid using it until your company’s tech team has assured you it’s safe.
Next, take care of your email accounts and social media sites. Check to be sure each site has taken steps to prevent further compromise from the Heartbleed bug. And then update your passwords.
Finally, check that your router and printer are unaffected.
How Much of Your
Data is at Risk?
The potential to exploit websites using the programming error now known as the Heartbleed bug has existed for the last two years. You should take steps to protect yourself in case your information has already been stolen.
You can monitor misuse of private information by setting up Google Alerts for key terms. Google will send you an alert whenever a web page or blog post uses the key terms you are monitoring.
If you haven’t already done so, set up a credit monitoring service like LifeLock to help protect your identity and your financial accounts from cyber thieves.
In the meantime, it may be best to keep your accounts inactive. It will probably be several weeks before the Heartbleed bug is no longer a danger at all. During that time, avoid sites that may have been compromised and that have not confirmed they have patched their systems.
P.S. It seems every week, a new threat to your privacy materializes. If you’re sick of it all, join me in saying, “Enough is enough,” and start implementing my detailed and comprehensive plan for living a lower profile lifestyle. Find out how today.