Heartbleed Bug: How To Tell And What To Do If You're Affected By OpenSSL Heartbleed Vulnerability

The disclosure of the Heartbleed bug in OpenSSL, an open-source version of encryption software used to secure communications on the Web, sent the Internet into frenzy Monday as people realized that websites secured with the software were vulnerable to hacking.

A fix for the Heartbleed bug was quickly released by the OpenSSL Project, the developers behind the open-source software, soon after the news of the vulnerability. But users of websites affected by the Heartbleed bug were left wondering what they could do to protect themselves while sites worked to implement the new patches for the OpenSSL software.

What can be done on my end to protect myself from the Heartbleed bug?

Unfortunately, the bulk of the security fixes will need to be done by the websites you visit day to day. The Heartbleed bug affects only sites using the OpenSSL implementation of Secure Socket Layer (SSL), which is used to protect communications, such as those done through banking websites or others that require any sort of secure communication. The Heartbleed bug generally doesn’t affect sites that don’t rely on SSL, such as a personal blog or general sites that don’t encrypt communications.

But if you’re unsure whether the site you’re visiting is still affected by Heartbleed, you can use tools provided by Filippo Valsorda or LastPass to see if it is affected by the bug.

Should You Change Your Password?

Changing your passwords on a regular basis or at least making them more secure is always a good practice to have, regardless of whether there’s a security breach that makes you vulnerable on the web. Nevertheless, it’s best to check if a site you use is still affected by the Heartbleed bug before changing your password. Otherwise it’s possible that the vulnerability could even compromise your new password before a website is patched by its developers. Once a website is patched, it is recommended to immediately change your password, especially if you use that password on other sites. Get creative and use a combination of upper case and lower case letters, numbers and special characters to create a more secure password. It might also be a good time to stop using passwords such as “password” and “123456.”

In addition to the tools available on the Web to test for the Heartbleed vulnerability, several sites affected by the bug, including popular music streaming service Soundcloud have been proactively notifying their users about the bug when users log in and on their official blogs.