April 10, 2014 by Colin Kelly
The discovery of a security vulnerability is huge news for security companies and those who provide services over the internet.
It’s also given all the consultants and experts tonnes to talk about.
But the truth, for you – it’ll likely have very little impact.
If it was going to, you’d know by now.
This post from Mashable is one of the more useful responses to the whole saga. You can see at a glance the majority of services you likely use are not affected.
The smart thing to do is keep an eye on your credit card statements for strange activity. Check back through the old ones from the last 2 years and see if there’s anything that shouldn’t be there.
Think about old dormant accounts you have – maybe an old Yahoo Mail that you’d forgotten about. Once Yahoo tells you it’s safe to do so, that would be a password to change, or just shut down the account altogether.
Some small business e-commerce traders might be affected. If the criminals have exploited this flaw – and there’s no evidence at this stage that anyone ever did – then there’s a chance your details may have been captured. That’s another password you should consider changing, once it’s safe to do so.
Going forward, best practice is to have a credit card entirely for online purchases. That way, you can see very quickly what’s been going on with your account.
It’s also wise to regularly change your email password and make it as long and complex as possible. Your email is one of the most vulnerable areas of your online life: if I get into your email, I can probably see very quickly which other services and platforms you use, and if you use the same password there as you do with email, then suddenly I can get into everything.
Above all, where possible, sign up for 2 step verification. This means if your account (on social networks, email, cloud storage etc) is ever accessed from a device you don’t normally use, you have to enter a code sent to you via text message, before it’ll let you in. It means even if someone did get your password, it would be no use to them.
The good news is the major banks were never at risk since they use their own form of encryption. The household name ecommerce sites and social platforms either weren’t affected or fixed things very quickly. In any event, they’ll be in touch to tell you what to do.
The ones to watch are the sites you’d forgotten you had an account with and less well-known online stores. Even then, the chances of you being a victim are very small and if you were, you’d likely know about it by now.
It’s a huge embarrassment for the industry that what was supposed to be ‘Secure’, and even had a wee padlock underlining the fact, actually wasn’t. But in terms of what this means for you and me, it’s actually not that big a deal.
Remember this flaw was exposed by an internet security company. Most of the commentary about it is from internet security experts.
Don’t panic. Make your email secure, use 2 step verification, check your statements and consider a card exclusively for online purchases. Shut down dormant accounts and take whatever actions service providers tell you to.
In the majority of cases, I fully expect Heartbleed will turn out to be the online equivalent of the Millennium Bug.