5 Tips to Help with #Heartbleed and Security

If you've missed it, there's been a ton of information shared about the OpenSSL vulnerability affecting every web site (so it seems) except a few such as Microsoft and Apple/iOS. Fortunately, most of the affected web sites are patching their OpenSSL and getting fixed. But that leaves you with work to do, work that may take an hour or more.

Here are 5 tips to help you get that work done, along with a description of what I am doing.

Some tips for you to follow on how to deal with Heartbleed include the following:

  1. Change passwords. Now that there's been time for the dust to settle (e.g. patches to be made, vulnerabilities to be closed), I'm changing my passwords on all web sites that were vulnerable (list appears in Tip #4, but there could be more so apply Tip #3).
  2. Manage passwords. I manage my passwords using the open source KeePass/KeePassX/KeePassDroid/MiniKeePass on my Windows, Mac, Android and iOS devices, respectively, and that's made generating complex passwords and keeping track of them much easier. Others choose to use the web-based LastPass or 1Password.
  3. Check for Heartbleed vulnerability. Although LastPass has made this web site available to help you identify the status of the vulnerability patching at various sites, you can also load these two add-ons to your Chrome and Firefox browsers:
    1. Chrome Heartbleed Checker
    2. Firefox Heartbleed Checker
  4. Turn on 2-factor authentication. "two-factor authentication is a simple feature that asks for more than just your password. It requires both 'something you know' (like a password) and 'something you have' (like your phone)" (Source: LifeHacker). If you have a smartphone, take advantage of 2-factor authentication on web sites where your life would be seriously disrupted if you lost access to their contents. 2-factor works on sites like Google, LastPass, Apple, Facebook, Twitter, Dropbox, Evernote, PayPal, Steam, Microsoft, Yahoo (avoid them), Amazon, LinkedIn, and WordPress.
  5. Encrypt everything you share online. If you use cloud storage, encrypt any sensitive and/or confidential information with AES-256 before you put it out there. You can use SSE for Windows/Mac/Linux/Android (no iOS, sorry) or AESCrypt.com for Win/Mac/Linux/Android (no iOS). If on an iOS device, explore BoxCryptor.

These steps aren't that hard to take. Of course, if you haven't spent time on this before, they require you to do something you may not be accustomed to doing with technology--taking the time to learn something new and apply it. Don't wait.


Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

