Protecting your personally identifiable information is increasingly difficult as hackers get more sophisticated and we become more reliant on computers and the Internet to handle sensitive information. Being aware of the threats around you and knowing how to protect yourself is extremely important.
This post will highlight the two most recent threats and provide some general tips to prevent ID theft, invasion of privacy and generally protect yourself online.
Heartbleed is a software bug (not a virus) that affects OpenSSL, which is a technology used by websites to encrypt data as it travels between the website server and your computer. In other words, HTTPS! Now do you see why you should be concerned?
OpenSSL is one of the ways companies can implement HTTPS for their site and it is likely the most popular. As you know HTTPS is used for any site that uses sensitive data including online shopping and banking. That means attackers are seeing information’s supposed to be encrypted like usernames & passwords, credit card numbers, etc.
Most sites run Open SSL so you’re likely to use more than a few affected by this bug. Sites like Yahoo, Amazon, LinkedIn, Facebook, Twitter, and Google were all affected and have all been patched. Most major sites have moved quickly to secure their site. You can check here to see if the sites you frequent have been affected: http://filippo.io/Heartbleed/
Most important tip to protect yourself from Heartbleed: If you have an account with an affected website, change your password, but only AFTER the site has been fixed.
The Chrome Vulnerability
A security flaw in Google Chrome could allow a hacker to turn on a user’s computer microphone and secretly obtain a Chrome-generated transcript of the user’s conversations, according to an Israel-based software developer who highlighted the flaw in a blog post this week. The recording itself is not captured, but the recording is run through Google’s speech-to-text engine. Google has confirmed the vulnerability.
Tips to Protect Yourself
- Do not use the same password or the same few passwords for all accounts. If you cannot keep track of all of your passwords you may want to consider using a password manager like LastPass, Dashlane, and KeePass. These services also enable you to only have to remember one password.
- Change passwords by going directly to the website. If you receive an email from a site encouraging you to change your password, do not follow the link in the email. Whether this email looks legitimate or not, this is a prime opportunity for attackers to attempt to steal data.
- Watch bank accounts and credit report for fraud. The Heartbleed bug and undoubtably a number of other have been in the wild for quite some time (Heartbleed for approx 2 years) so there are always threats and attackers seeking to get your data. Monitor your accounts for irregular and fraudulent activity.
- Change passwords periodically. Changing your passwords can help avoid discovery of passwords and the subsequent access to sensitive data.
- Avoid the automatic login feature. This may not be as critical for some services but should be standard practice for bank accounts and other sites that store or take sensitive data like personal data and banking or credit card information.
- Actively manage the security and privacy setting on the sites you use.
Do you have any additional tips? Do you know anyone affected by either Heartbleed or the Chrome vulnerability? How are you protecting yourself?!