Heartbleed Isn't Dead - 300,000 Servers Are Still Exposed - But Here's How You Can Protect Yourself

Jun 23, 2014, 18:39 IST

The massive security vulnerability known as "Heartbleed" dominated headlines for most of April, but more than 300,000 servers are still susceptible to Heartbleed, according to Errata Security researcher Robert David Graham (via ZDNet).

The Heartbleed bug, which remained hidden for years in the OpenSSL software that secures web communications, was first discovered on April 1 by Neel Mehta of Google's security team. Heartbleed is a vulnerability in the way your web browser talks to a website over an encrypted channel. This leaves your communication open to potential attackers looking for information linked to banks, e-commerce sites, and other places around the web that use your identifying information.

When it was initially announced, Graham said there were about 615,268 servers vulnerable to the OpenSSL bug. A month later, he found only 318,239 vulnerable servers, meaning about half of the servers exposed to Heartbleed had been patched.

But Graham's most recent findings, announced Saturday, which show 309,197 servers still vulnerable, are a bit troubling: "This indicates people have stopped even trying to patch," Graham said. "We should see a slow decrease over the next decade as older systems are slowly replaced. Even a decade from now, though, I still expect to find thousands of systems, including critical ones, still vulnerable. I'll scan again next month, then at the 6 month mark, and then yearly after that to track the progress."

Until more servers are patched, here's what you can do to keep yourself and your data protected while on the Web:

  • List out all of the important websites you use and accounts you own. Think of all your online identities (see: social media accounts), but definitely jot down any apps or websites you use for banking, medical data, email or messaging. Think of stuff you don't want others to access; as a guide, take a look at your bookmarks.
  • Check which of those sites is still vulnerable to Heartbleed. While CNET has a useful status list for a number of popular websites, there are online Heartbleed checkers, like the ones created by LastPass or Filippo Valsorda, as well as browser extensions for Chrome (Chromebleed) or Firefox (Heartbleed-Ext). For sites that are still affected by Heartbleed, you may want to hold off changing your password until a patch arrives, as you'd probably have to change your password again once it's all fixed. Until then, avoid using the service, if possible.
  • For all sites that are no longer vulnerable to Heartbleed, you should change your passwords, especially if you haven't done so recently. Use plenty of number and letter combinations but don't use actual words. And if you can, vary your passwords with every site you use. It's obviously not easy to have so many different passwords and remember all of them, which is why there are plenty of password management apps out there for you, including LastPass, 1Password, Dashlane, Lookout and PasswordBox.