Wednesday, April 9, 2014

Tips and Tricks on Surviving the Heartbleed Bug

As many of you have heard this week, a significant vulnerability was recently discovered in OpenSSL, a popular open-source library that implements the SSL/TLS protocols used to encrypt vast portions of the web, including authentication data such as user names and passwords.  The bug has been dubbed "Heartbleed" because it exploits a flaw in OpenSSL's handling of the TLS heartbeat extension: a heartbeat request carries its own payload-length field, and vulnerable versions of OpenSSL trust that field instead of checking it against the length of the message actually received, so a remote peer can ask a server to send back up to 64 KB of whatever happens to sit next to the request in its memory.
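To make the flaw concrete, here is an added example (constructed for this post, not OpenSSL's own code) that models the heartbeat handler before and after the fix.  It stands in a fake "arena" for the server's memory so that the over-read stays inside our own buffer and the program has defined behaviour; the record layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) and the length checks follow the published fix, while the padding generation and the real TLS record layer are left out.  The session cookie and the `build_request`, `heartbeat_vulnerable`, `heartbeat_fixed` and `leaks_secret` names are all assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE  128
#define MIN_PADDING 16     /* the heartbeat extension requires >= 16 bytes of padding */
#define HB_REQUEST  1
#define HB_RESPONSE 2

/* Constructed stand-in for process memory: the heartbeat request is placed at
 * the start, and the bytes after it play the role of whatever happened to be
 * adjacent on the heap (here, a fake session cookie that must never leak). */
static unsigned char arena[ARENA_SIZE];

/* Build a request claiming `claimed_len` payload bytes but actually carrying
 * `actual_payload` bytes.  Returns the length the record layer really saw. */
static size_t build_request(uint16_t claimed_len, size_t actual_payload) {
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);      /* big-endian length field */
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memset(arena + 3, 'A', actual_payload);
    memset(arena + 3 + actual_payload, 'P', MIN_PADDING);
    size_t record_len = 3 + actual_payload + MIN_PADDING;
    const char *secret = "session=deadbeef; user=alice";   /* constructed adjacent data */
    memcpy(arena + record_len, secret, strlen(secret));
    return record_len;
}

/* Pre-fix logic: the length field inside the message is trusted and the real
 * record length is never consulted.  Returns response length or -1. */
static int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                                unsigned char *resp, size_t resp_cap) {
    (void)rec_len;                                   /* ignored: that is the bug */
    const unsigned char *p = rec;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (hbtype != HB_REQUEST) return -1;
    if ((size_t)(3 + payload + MIN_PADDING) > resp_cap) return -1; /* demo bound only */
    resp[0] = HB_RESPONSE;
    resp[1] = (unsigned char)(payload >> 8);
    resp[2] = (unsigned char)(payload & 0xff);
    memcpy(resp + 3, p, payload);   /* copies `payload` bytes, far past the real request */
    return 3 + payload;
}

/* Post-fix logic: reject any request whose claimed payload plus the minimum
 * padding does not fit inside the record that was actually received. */
static int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                           unsigned char *resp, size_t resp_cap) {
    if (1 + 2 + MIN_PADDING > rec_len) return -1;    /* too short to even hold a length */
    const unsigned char *p = rec;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if (hbtype != HB_REQUEST) return -1;
    if ((size_t)(1 + 2 + payload + MIN_PADDING) > rec_len) return -1;  /* the actual fix */
    if ((size_t)(3 + payload) > resp_cap) return -1;
    resp[0] = HB_RESPONSE;
    resp[1] = (unsigned char)(payload >> 8);
    resp[2] = (unsigned char)(payload & 0xff);
    memcpy(resp + 3, p, payload);   /* now provably within the received record */
    return 3 + payload;
}

static int contains(const unsigned char *buf, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

/* 1 if the handler's response leaks the adjacent secret, 0 if not, -1 if rejected. */
static int leaks_secret(int (*handler)(const unsigned char *, size_t, unsigned char *, size_t),
                        uint16_t claimed, size_t actual) {
    unsigned char resp[ARENA_SIZE + 3];
    size_t rec_len = build_request(claimed, actual);
    int n = handler(arena, rec_len, resp, sizeof resp);
    if (n < 0) return -1;
    return contains(resp, (size_t)n, "alice");
}

int main(void) {
    printf("vulnerable, claims 64 carries 4: leak=%d\n", leaks_secret(heartbeat_vulnerable, 64, 4));
    printf("fixed,      claims 64 carries 4: leak=%d (-1 = rejected)\n", leaks_secret(heartbeat_fixed, 64, 4));
    printf("fixed,      honest 4-byte ping:  leak=%d\n", leaks_secret(heartbeat_fixed, 4, 4));
    return 0;
}
```

The one-line check `1 + 2 + payload + 16 > record length` is the whole fix; everything a honest client sends still passes it, while a request that lies about its own length is dropped instead of answered with neighbouring memory.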

This particular bug is actually worthy of the attention that it is getting.  That being said, the sky isn't falling and the Internet isn't collapsing :)   Here are a few things that you can do to protect yourself while Heartbleed is being remedied:

  1. Password Management.  There is some debate around whether you should change your passwords now or wait until you have verified that a site has deployed the patch.  My practical answer is to wait.  Changing your password on a site that is still vulnerable just hands an attacker the new password as well, so waiting until the site is patched (and, ideally, has reissued its SSL certificate, since the server's private key could have been exposed too) makes better sense.  My one exception is where you are using the same password for multiple accounts.  Immediately changing the one password you use for your 4 email accounts, 3 banking applications, 2 social media sites, and 1 online shopping service into 10 separate passwords is one way of minimizing the damage from any single compromised account.  Of course, managing and securing so many passwords can be painful;  I recommend using a secure password management tool to assist.  My favorite?  MiniKeePass.
  2. Financial Scrutiny.  It's an old saw, but it still rings true:  keep an eye on financial transactions and financial statements for potential fraudulent activity.  Call your financial institution immediately if you see something that doesn't make sense.
  3. When in Doubt, ASK.  So how do you know if the websites you do business with are vulnerable to this flaw?  If you like to get your geek on you can test a website yourself, though the results aren't necessarily conclusive: a "not vulnerable" result today says nothing about whether the site was exposed before it patched, and a failed probe can have causes other than a fix.  You can also consult the latest list of Heartbleed test results for popular sites that is circulating the web right now.  If you run a server yourself, check the OpenSSL release: 1.0.1 through 1.0.1f are affected and 1.0.1g carries the fix, while the older 0.9.8 and 1.0.0 branches never shipped the heartbeat code.  Be aware that some Linux distributions backport the fix without bumping the version string, so confirm against your vendor's advisory rather than the version number alone.  The easiest way to find out, though, is to ask the question of those sites which you frequent.  Knowledge is power, and getting straight answers from the online entities which you frequent will help you better protect yourself as you move forward.
Hope this helps.  Spread the word!!
