I’ll add things as I find ’em, or as they’re suggested. And remember, always think, lest you be clinked!
- Brett Brennan, one of my brothers-in-law, is a major geek (big data, even bigger databases, that sort of thing) (come to think of it, my other brother-in-law is a pretty big geek, too, but that’s a story for another day…). Brett also tends to deliver pretty straightforward, no-nonsense rants on various things tech. Here’s his take on Heartbleed:
Heartbleed is going to be a much smaller issue than the press have made it out to be. A VPN is ALWAYS a good idea – so long as your router is secured properly in the first place. The number of actual breaches is going to be small – zero for any major site like Google or Twitter or Facebook – because they know how to manage this type of problem correctly. Small private Web sites run by non-technical people are a different story – but these have ALWAYS been insecure.
The biggest threat to YOU as an end user is STILL your home router and personal computer, tablet, phone, iPod, etc. Most of you are STILL running Windows XP: this is 10,000 times more dangerous than Heartbleed at its worst. Most of you haven’t updated your anti-virus software for months – if you even HAVE AV software – and your home router is probably sitting wide open to any drive-by hacker. You probably don’t have any clickjacking protection on your browser, and you probably blindly follow links and spurious e-mail messages that promise “free” stuff. You never bother to check links in e-mail for THE REAL addresses they link to, or verify that the e-mail address that says it’s from your best friend is really theirs.
Yes, security breaches DO happen, and because of crappy passwords, you’re probably going to get hijacked at some point. All things YOU can prevent.
Do your homework! Learn some good practices from articles at CNET or Microsoft or the “Dummies” books. Once you’re secured to best practices standards, THEN you can worry about threats like Heartbleed that are completely outside your control.
- He goes into a bit more detail here: Heartbleed – Clarification of Effects (You may get a complaint from your browser about the certificate/certificate authority; all is well, though: the server admin is in the process of switching domains and servers, and those things take a while to propagate.)
- LastPass Heartbleed checker
- Now there’s an easy way to flag sites vulnerable to Heartbleed