If you have a computer, you’ve probably heard of the Heartbleed Bug. What a mess. The Heartbleed Bug is actually a small mistake in a bit of code, but that code is used on about 60% of the sites that use that little locked sign on a URL address.
It’s complicated, but dangerous. This hole in the security can allow hackers to sneak in and read the memory of the systems that hold your user names, passwords and the content you’re entering.
The weird thing about this problem is that it has actually been around for two years — it’s just that no one knew about it. Or we think that no one knew about it. Hackers could have been sneaking around without any detection since the problem began. No one knows for sure.
Our knee-jerk reaction is to run around changing all our passwords, but that may not work. You may have already gotten updates from some of your services saying they’ve patched the hole, but until your sites and services take that action, you’re vulnerable until they close that door.
See?… It’s a mess.
I’ve rounded up the top stories that you need to read to understand what it is and what to do.
- What is Heartbleed?
- Why should I freak out?
- Why shouldn’t I freak out?
- Which passwords do I need to change?
- Where can I check all my sites?
I have been using LastPass for several years to track my passwords, and the service integrated a Heartbleed checker into their security check. Here’s what they shared when I read it:
As you can see, it shows the age of my password, whether the site has patched the problem and whether I should change my password right away. Yea for LastPass!
Beth–
I just saw this about an hour ago on FB. I thought the article I read said LastPass was compromised. True? Still a safe program?
Carolina
LastPass wrote a blog about that a couple of days ago. They said they’re safe. http://blog.lastpass.com/2014/04/lastpass-and-heartbleed-bug.html
Thanks!