Heartbleed FAQ

Heartbleed’s most frequently asked questions Answered here for you:

Heartbleed is a vulnerability in the website security system called SSL that is used by hundreds of thousands of website worldwide, luckily the vulnerability is easy to fix for the website controller, but it’s taking time to get them all patched and different sites are being patched different speeds.

The most common issue that the average small business person or home user will see would be that little “lock” or “HTTPS” in the top of their web browser that indicates they are on a secure website, might not actually be secure at all. Leading people to believe they are sending personal details such as SIN numbers, credit card numbers and other personal information securely when in fact they are not.

Heartbleed breaks the security of the website “lock” mechanism silently so it still looks secure when it’s in fact not. What that lock looks like will vary depending on your web browser but here are some examples:


Cnet published an article Friday about Heartbleed with a lot of technical details but written so that the average person could understand it. Well done Cnet.

But the most 2 most common question I am getting from my clients are:

1. How do I check if a Web site has been affected — or fixed?

A few companies and developers have created testing sites to check which Web sites are vulnerable or safe. Two good ones are by  LastPass, a company that makes password management software, and Qualys, a security firm. While these test sites are a good preliminary check, continue to proceed with caution, even if the site gives you an all-clear indication. If you’re given a red flag, however, avoid the site.

But the most prudent thing to do is to get confirmation from the site through one of its official channels. Lots of companies have been putting up blog posts and issuing statements about the health of their sites. Or you can email a site operator or customer service person directly.

2. Should I change my passwords?

For many Web sites, yes. BUT wait until you get confirmation from the Web site operator that the bug has been patched. It’s a natural reaction to want to change all of your passwords immediately, but if the Web site’s bug has not been fixed yet, making the change could be useless — you’re just potentially giving an attacker your new password.

Read the entire article here: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

Stay safe!