Managing Your Online Accounts after Heartbleed

This post is for consumers who would like to manage the threat that Heartbleed represents to their online accounts and personal information. I’m not going to go into an explanation of what Heartbleed is; instead, I’m going to give you a demonstration of a tool that will help you identify:

  1. Which of your accounts are at risk
  2. What you need to do to manage that risk for each site
  3. And when to take the steps to manage the risk for each site.

LastPass is a password vault that keeps track of all the usernames and passwords to your online accounts. This is not a paid endorsement of LastPass; I’m not being compensated in any way. I simply use it to great effect in my business and professional life. In this demonstration you will see exactly how beneficial and useful the tool is, specifically in the face of the Internet bug known as Heartbleed.

What Is Heartbleed

Here’s an excerpt from a well-written article found on digitaltrends.com. The original article and an illustration supporting it can be found here

First the girl asks the server to indicate whether it’s still online by telling it to say “Potato,” and indicates the length of the word. The server responds with “Potato,” while withholding all of the information surrounding “Potato,” written out in a lighter hue in the server’s speech bubbles. The hacker then asks the server to repeat the same task, but instead replaces “Potato” with “Bird,” and indicates the length of the word. The server complies.

Then, the hacker asks the server to say “Hat,” but instead of noting that it’s a three-character word, she states that it’s 500 letters long. The server responds not only by saying “Hat,” but also by leaking out the information around the word. By doing so, it reveals sensitive server information, including a “master key,” which the hacker begins to jot down.

This is a basic explanation of how the Heartbleed bug works. The Heartbleed bug is a flaw in the OpenSSL method of data encryption used by many of the world’s websites, which was actually put into the code accidentally by a programmer roughly two years ago.

OpenSSL contains a function known as a heartbeat option. With it, while a person is visiting a website that encrypts data using OpenSSL, his computer periodically sends and receives messages to check whether both his PC and the server on the other end are both still connected. The Heartbleed bug allows hackers to send trick heartbeat messages, like the one pictured in the comic above, which can fool a site’s server into relaying data that’s stored in its RAM — including sensitive information such as usernames, passwords, credit card numbers, emails, and more. This is the part of the flaw that the Xkcd comic illustrates.
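
The "Hat, 500 letters" exchange from the excerpt, reduced to a toy simulation in C that shows the missing length check beside the corrected one. This is an added example, not code from the quoted article or from OpenSSL; the `server_mem` array, the sample secret and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 512
/* Constructed stand-in for server RAM (not real OpenSSL state). */
static unsigned char server_mem[MEM_SIZE];

/* Place the received payload in memory, with a constructed secret right after it. */
void load_request(const char *payload, size_t actual_len) {
    const char *secret = "|master-key=EXAMPLE|";   /* constructed sample value */
    if (actual_len > MEM_SIZE - strlen(secret)) actual_len = MEM_SIZE - strlen(secret);
    memset(server_mem, 0, MEM_SIZE);
    memcpy(server_mem, payload, actual_len);
    memcpy(server_mem + actual_len, secret, strlen(secret));
}

/* Flawed handler: echoes back as many bytes as the client CLAIMED to send. */
size_t heartbeat_flawed(size_t claimed_len, size_t actual_len, unsigned char *out) {
    (void)actual_len;                        /* never consulted: this is the bug */
    if (claimed_len > MEM_SIZE) return 0;    /* keeps the simulation inside its array */
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

/* Corrected handler: drop any request claiming more bytes than were received. */
size_t heartbeat_checked(size_t claimed_len, size_t actual_len, unsigned char *out) {
    if (claimed_len > actual_len || claimed_len > MEM_SIZE) return 0;  /* discard */
    memcpy(out, server_mem, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply contains the text `needle`. */
int reply_contains(const unsigned char *reply, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++)
        if (memcmp(reply + i, needle, m) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char reply[MEM_SIZE];
    load_request("Hat", 3);
    size_t n = heartbeat_flawed(500, 3, reply);   /* "Hat", claimed as 500 letters */
    printf("flawed:  %zu bytes, secret leaked: %d\n", n, reply_contains(reply, n, "master-key"));
    n = heartbeat_checked(500, 3, reply);
    printf("checked: %zu bytes, secret leaked: %d\n", n, reply_contains(reply, n, "master-key"));
    return 0;
}
```

The flawed handler returns 500 bytes that include the neighbouring secret, while the checked handler returns nothing for the same request and still answers an honest three-byte "Hat".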