Contact Us

How to Protect Yourself From the Heartbleed Bug


Have you heard about the newest bug that’s got the tech world pulling at their hair and on the verge of tears? It’s bad. Very, very bad and appropriately named “Heartbleed.”

Panicking won’t do any good, but being cautious will. Some experts predict that this bug could affect around two-thirds of all websites. Two-thirds is a big number so the chances you or someone you know will get caught in this tangled web are pretty good. I’m not trying to freak you out, but I don’t want to sugar coat it either.

Yesterday, the website Mashable suggested  you should immediately change your password if you use: Facebook, Gmail (or other Google services), Tumblr, Yahoo mail
GoDaddy, Intuit (TuboTax), Dropbox, LastPass, OkCupid, Soundcloud and others. But here’s the bad thing: if an affected website or service hasn’t patched the problem yet, your information will still be vulnerable. Pretty much the bug is just looming in the background waiting to pounce on your new passwords.

With the Heartbleed bug, there are four types of data that can be grabbed by the bad guys. According to Time, they are: “encryption keys; user info like passwords and usernames; “protected content” such as email messages, instant messages, credit card numbers and more; and “collateral content” such as data and code used to make the website function as intended.”

So what can you do to protect yourself short of shutting off all your devices and vacationing on a deserted island until this bug is squashed?

If you’re about to log into a particular site, visit this site first: Test your server for Heartbleed (CVE-2014-0160) and pop the site’s web address into the search box.  The link will tell you if the site you’re looking up is still vulnerable or not. Good news, I entered in the Hawk’s web address and we’re good. Whew!

If a website you visit every day is NOT affected, now would be a really good time to change your password on the site (if you use one) just to be on the safe site. For instance, as I write this, Facebook has no threat, so I logged in and changed my password.

However, and this is a big one- if the website address you typed in shows a breach- do NOT change your password. Remember that part I told you about changing it having no affect because the bug will just grab your new password? So, I typed in “LinkedIn” and got a message that read ” Uh-oh, something went wrong: write tcp broken pipe. It might mean that the server is safe, we just can’t be 100% sure!” Obviously since there’s a chance that the sight might be breached, I did NOT change my LinkedIn password.

The other thing we need to do is remember to have patience. This bug is wreaking havoc on so many, many websites and IT people are scrambling to fix the problem. It’s not going to happen overnight for most sites, especially the smaller ones, so we just have to wait it out. Better to have patience than to open Pandora’s box, right?

There’s a lot of research being done on the Heartbleed Bug and that means info on how to deal with it could change as more things are learned, but if you feel like investigating what’s going on a little more, CNet and Reuters are great places to start.

4/11/14: I just received an email from McAfee which stated in part: ” McAfee is currently in the process of auditing all of our services, and the services provided by our partners, for any dangers posed by Heartbleed. If there is any instance that the vulnerable version of OpenSSL is in use we will remediate with the utmost urgency. The severity of the Heartbleed vulnerability cannot be overstated: several major enterprises use OpenSSL, and are likely affected by this vulnerability as well. The dangers posed by this vulnerability are very real and could affect you if exploited.”

Best of 98.1 The Hawk

Recommended For You

Best Of The Web

Leave a Comment

It appears that you already have an account created within our VIP network of sites on . To keep your personal information safe, we need to verify that it's really you. To activate your account, please confirm your password. When you have confirmed your password, you will be able to log in through Facebook on both sites.

Forgot your password?

*Please note that your prizes and activities will not be shared between programs within our VIP network.

It appears that you already have an account on this site associated with . To connect your existing account just click on the account activation button below. You will maintain your existing VIP profile. After you do this, you will be able to always log in to using your original account information.

*Please note that your prizes and activities will not be shared between programs within our VIP network.

Please fill out the information below to help us provide you a better experience.

(Forgot your password?)

Not a member? Sign up here

Sign up for Hawk Country Club quickly by connecting your Facebook account. It's just as secure and no password to remember!

Sign up to have exclusive Hawk Country Club contests, events, coupons, presales, and much more delivered to you for FREE.