Trend Micro: Don’t have heartburn over the Heartbleed vulnerability
FYI, this story is more than a year old
There’s a new security issue in the news that many people are worried about. It’s called the “Heartbleed vulnerability.”
There’s a lot of confusion around it, especially about what most people should be concerned about and do about it.
To help you understand what’s going on and not panic, here are some answers to FAQs (frequently asked questions):
What is the Heartbleed vulnerability?
The Heartbleed vulnerability is a problem that affects SSL, the technology that helps protect your information on the Internet. You’re likely most familiar with SSL when you shop online or enter sensitive information on a site and see the “lock” that tells you your information is protected.
What’s wrong with SSL?
The specific problem here is that there’s a flaw that affects some of the websites that use SSL. This flaw can make it possible for someone to get access to that information that SSL is protecting.
What does this mean for me?
This means that information that you thought was being protected by SSL may not be as safe as you (or anyone) thought. This means that sensitive information like passwords, credit card information, or other personal information could have been exposed to others without your knowing.
How do I fix this?
You don’t. In this case, this isn’t a problem with your computer or devices. It’s a problem that websites have to take care of by fixing SSL on their site.
Can I tell if a site has this problem?
Unfortunately, not really. This is something that only the people running the site can know for sure.
Is there anything I can do to protect myself?
While you can’t protect yourself from this specific issue, you can take some steps to protect yourself from effects that this issue might have. Specifically, you can do the following:
* Make sure you’re running up-to-date security software on all your systems.
* Watch for suspicious activity of any kind. On your online accounts and your financial accounts.
* Change passwords promptly for sites that recommend you do so.
Is there anything else that I should know about this?
This is a new situation and there’s always a lot of confusion and conflicting information in these situations.
The important thing is to not panic, follow the steps that we’ve outlined, let the people who can fix this do so, and follow any additional instructions they give.
By Christopher Budd - Global Threat Communications, Trend Micro