Does changing your passwords quickly, after the Heartbleed bug was discovered, protect your bank account, credit cards, or email accounts? The Heartbleed bug is being called by many security experts the most serious bug that has hit the Internet because it is affecting websites that were supposedly secured. According to an April 9 NPR report, the way banks and other companies protect the Internet user’s data from hackers is by providing OpenSSL.
SSL stands for Secure Socket Layer and is a cryptographic protocol that puts the S in “https” – which can be seen on Web addresses whenever a user goes to a website that is secured. SSL encrypts a user’s data like passwords and personal information as it travels to a company’s server. By making the Internet user’s data indecipherable, hackers are supposed to be prevented from getting access to the most personal information. OpenSSL software is used by about two-thirds of websites.
Just recently, it was discovered that there has been a hole in that most vital security system (the heart) and that secure information has been “bleeding” out to hackers and other cybercriminals – since March 2012. The Heartbleed bug has experts especially worried because an attack can happen without leaving a trace. According to Heartbleed.com, “the Heartbleed Bug is a serious vulnerability.” In order to remedy the “bleeding heart,” companies like Google, Facebook, Amazon, major banks, and other websites have to fix the security hole.
Changing passwords on websites that have not applied the available security fix still leaves Internet users vulnerable. CNN Money writes that the Heartbleed bug is “the worst security hole the Internet has ever seen.” CNN also reports that Google, YouTube, Gmail, Facebook, Yahoo, Yahoo Mail, Tumblr, Flickr, and OKCupid have fixed the bug and that users can change their passwords.
Companies like AOL and Mapquest, Bank of America, Charles Schwab, Chase bank, Fidelity, E*Trade, HSBC bank, Microsoft, Hotmail, Outlook, PayPal, Scottrade, TD Ameritrade, Wells Fargo bank, and U.S. Bank did not use the affected software or used a different version and are not affected. Internet users might pay attention though to any alerts by the above companies when visiting their websites.
CNN reports that it is unclear whether Amazon, American Express, Apple, iCloud and iTunes, Capital One bank, Citibank, LinkedIn, PNC bank, Twitter, and Wikipedia have applied to bug and/or are affected. CNN recommends checking on the above sites and to wait before changing passwords.
However, when it comes to changing passwords, whether in response to the Heartbleed bug or any other Internet bug, WSJ is providing some helpful hints in its Heartbleed bug video on how to best change one’s passwords. It is a practice that is highly recommended for any Internet user – at any time.