When news of the heartbleed OpenSSL flaw hit the Web last week, it send the online security community into a tizzy, and rightly so. The Mac Observer shared some tips on what you can do to protect yourself, and now we have some more help keep your private stuff out of the hands of the bad guys.
Not sure how to deal with the heart bleed OpenSSL bug? We have more tips for you.
SSL Server Test
The heartbleed bug takes advantage of a code flaw in OpenSSL that could let the less than savory Internet citizens get ahold of the server keys that keep your personal information -- such as passwords and credit card numbers -- secret. Most companies have been hard at work updating their servers to protect from the flaw, but what if you aren't getting any feedback to let you know the sites you want to visit are safe?
Qualys SSL Labs gets that you want to know right now if the sites you visit are safe instead of waiting for an email that may or may not come, so they put together a site where you can test SSL status for any webpage. All you need to do is enter the URL, and it'll let you know if it's safe. Sites that get an A grade are good to go, a B means it's most likely safe.
Heartbleed Quick Reference Chart
Do you use Facebook, Instagram, or Tumbler? Should you change your passwords for those sites? Hint: The answer is yes.
Mashable put together a chart that showing whether or not many popular sites are susceptible to the heartbleed bug, if they've been updated, and if it's time for you to change your password.
Password management apps like 1Password and LastPass are great for generating random passwords, and you can even do the same in OS X on your Mac. If you want to use hard to crack passphrases instead of passwords, however, it's time to turn to Arnold G. Reinhold's Diceware Passphrase website.
Instead of relying on software algorithms to make random passwords and passphrases, the Diceware site includes a list of 7,776 words that you string together by rolling dice. As in actual, real world dice. The numbers you roll determine the words in your passphrase, and until you actually use the phrases you create, they don't exist in any computers.
The bottom line is that it's up to the administrators managing the sites you visit to take care of protecting against the heartbleed flaw, but that doesn't mean you're powerless to and completely at their mercy. Stay on top of monitoring the sites you need to visit to make sure they're OpenSSL-safe, and make sure you're using strong and unique passwords at the sites you visit, too.
These tips came from a great heartbleed discussion I was part of on the TUAW Talkcast on April 13. Be sure to check it out for more on this nasty little OpenSSL bug.