Heartbleed Security Issue – Some Practical Advice

A new security issue dubbed Heartbleed was disclosed on Monday night, and it has implications for users of the web. The bug allows a web server's memory to be accessed, including private data such as usernames, passwords and credit card details. Whilst this is a serious issue, it should be kept in some perspective: the issue affects the software that runs on the websites that you access, so there is not much that you can do as a user to ensure that you are not affected by the problem, apart from asking individual website customer services whether they have fixed the issue.

This vulnerability only affects non-Microsoft webservers (known as Apache or Open Source webservers) and does not affect Office 365 or Windows Small Business Server users.

The natural response is to change your password immediately. Far from helping you avoid this issue, that can make things worse: if you access an unpatched site and update your password now that the vulnerability is publicly known, there is more chance of your details being captured.

The best way to protect yourself from this kind of security issue is to use a range of passwords, depending upon the sensitivity of the data that is going to be accessed, and to change these regularly. For example:

  • General Password – Used for general websites such as forums or chat websites.
  • Email Password – As your email is generally used to reset passwords, it is best to have a dedicated password for your email account.
  • Social Media Passwords – Used when accessing your Facebook, Twitter and LinkedIn social media accounts.
  • Shopping Password – Used when accessing internet shopping sites.
  • Banking Password – A higher level password for sites such as PayPal or internet banking sites.
  • Work/Corporate Password – Used for accessing the work internet/network files.

If you have been re-using your work/corporate network password for other websites, it would make sense to change these passwords today. If you require any further information, please email enquiries@tech-wales.co.uk or follow our Twitter feed @Tech_Wales, where we will be posting further details as they become available.