Heartbleed Bug: What to do
You may have heard about something dubbed the “Heartbleed Bug” recently. Rather than a bug, Heartbleed is actually a previously unnoticed vulnerability affecting OpenSSL (Version 1.01 and beta 1.0.2), and was only discovered last week.
OpenSSL is widely used across the internet as part of websites’ security and encryption tools. Any website using https:// will have SSL technology in use on the site in order to keep customers’ data secure. Although there is no evidence to suggest anyone has exploited this vulnerability, any security breach could of course have serious consequences.
Luckily, the best way to protect yourself and your important data is simply to change your password on affected sites. It is important to check that the website has fixed any vulnerability first though, or your new password will still be at risk.
To check whether a website you’re registered with has been affected, and whether you need to change your password following a vulnerability fix, use this free tool from LastPass: https://lastpass.com/heartbleed
Some websites have already issued advice for their customers, and some of this is listed below:
Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op have all confirmed that they were not affected by the bug as their systems use different technology.
Other big sites that have confirmed that they weren’t affected include Amazon, Hotmail and Outlook, eBay, PayPal and all of Apple’s properties – including iCloud and iTunes.
However, it is recommended that you change your password for Facebook, any sites run by Google (including Gmail and YouTube), and any sites run by Yahoo (including Tumblr and Flickr). Twitter and LinkedIn are reportedly unaffected.
Changing Your Password
If you have any passwords you need to change, it is a good time to think about the strength of the passwords you are using.
The easiest way of increasing the strength of a password is by simply making it longer – so try combining multiple words together and then adding in numbers between them.
You could pick an easily memorable number (for example an anniversary, e.g. 26/07/1980) and then mix this with a nonsensical phrase (‘pastasaladrhubarbsponge’) to get a suitably difficult password: Pasta26Salad07Rhubarb1980Sponge. The mixture of lower and upper case letters, numbers and the password length itself make this type of password very strong. The other benefit is that silly phrases are actually fairly easy to remember!
Another method for creating a strong password is to take a sentence or favourite line from a song or rhyme, and use just the first letter of each word for your password. Working in upper and lower case letters, as well as numbers, will make this even stronger. Again, these passwords tend to be fairly easy to remember.
e.g. “Jack and Jill went up the hill to fetch a pail of water” could become:
NOTE: This information is intended for general advice only; we would always recommend checking individual sites’ statements for their most up-to-date advice.