The aftermath of the recent Heartbleed Internet security vulnerability is curious. It's been described (correctly) as the worst security breach in many years. But for average people, the ones who don't manage secure web or email servers, the experts say there isn't much we can do. Change all your passwords? ... maybe, but wait.
Why is this so complicated? It is because the affected parts are beyond our control as normal internet users. But there is some sense to be made of this, and that can be had in this excellent article by Adam Engst and Rich Mogull over at Tidbits titled "The Normal Person’s Guide to the Heartbleed Vulnerability". Go read that, I'll wait.
In the meantime, I'm bracing myself for seeing several things that drive me nuts...
- There will be a flurry of "Hello, this is ________ that you have an account at, and we say we weren't affected/we-were-affected-but-have-patched-things, and you need to do X..." emails. That's fine, but most people won't read them, and will ignore them.
- There will then be a flurry of "Hello, this is ________ that you have an account at, and we say we weren't affected/we-were-affected-but-have-patched-things, and you need to do X..." emails that are phishing attacks from scammers, capitalizing on the publicity, and trying to trick people into following their poisoned links and giving away their info.
- People will continue to use crappy passwords without a password manager.
So, in these uncertain internet times, let me hope that you'll follow basic common sense:
- Never click on a link in an email if you're unsure who the sender is.
- If you DO think it's a legitimate email from a service that you use, don't click the links. Log into the service by typing the address into your web browser.
- Always read important announcements from your services.
- Use good passwords, and a password manager.