Recovering from Heartbleed

The recent report of a loophole in the security settings of many web sites has made online shopping and banking dangerous. Get-It-Done Guy has tips on how to keep your personal information safe on the web.

Stever Robbins
5-minute read
Episode #309

You’ve probably heard about the Heartbleed internet bug. Everywhere. If you haven’t done anything about it yet, today’s episode will give you the full scoop.

We always thought the zombie apocalypse would come from outside. We were wrong. Apparently, it’s been with us the whole time. We were infiltrated from within.

Out, Out, Damn OpenSSL Spot!

The Heartbleed bug is a problem in the way web sites handle security. When you connect to a secure web site, you can see a little lock icon on your browser. That means your connection is secure and you can feel safe and sound.

Ha ha! Fooled you! Thanks to Heartbleed, it turns out that for the last two years, all the little lock has meant is that your browser thinks it’s secure. It’s like hiding under your blanket to escape monsters. You may feel safe, but the blanket just makes it easier for the monster to pick you up and eat you like some sort of flannel burrito.

Heartbleed Exposes Web Site Memory

The Heartbleed problem happens at the web site. For the last two years, the program that makes some web sites secure has had a teensy, weensy little bug that allowed nefarious, shadowy figures to peek into the web site’s memory.

“Who cares?” you say. “What could a web site possibly have to hide, anyway?” Well, the username and password you just used to log into the site might be in the web site’s memory. Made any purchases lately? The credit card number might also be there. Phone numbers. Birth dates. Clothing sizes. Real clothing sizes, not just the ones you tell your friends. In short, anything the web site was dealing with could have been stolen.

Even better for the criminals is that it’s undetectable! There’s no way to know if a site was actually affected, and if it was, what information was exposed. The safest course of action is to assume anything you typed into a web site during the last two years may have been stolen and is sitting in a big data warehouse right now, ready for publication. (This is the one in addition to the NSA’s warehouse of data they’ve collected on you.)

Change Your Passwords

What should you do? First of all, change all your passwords. Everywhere. Once your password is sent to a web site, your username and password are almost certainly in memory for a short time. If you typed it into a site that was hacked, it could have been captured.

Use a Different Password Everywhere

“Who cares?” I hear you cry. “This was just a recipe-sharing site for people who like to eat rutabagas. If someone breaks into my account, there’s no sensitive information there.” And that’s true … unless you use the same password on multiple sites. Let’s face it: even I use the same password on multiple sites, especially when it’s just recipe-sharing. The problem is that I also use that password on the Get-it-Done Guy content management site, a site I care very much about. I log into both sites using my email address, getitdone@quickanddirtytips.com. If our shadowy figure happens to get both my rutabaga username and password, they can get into the Get-it-Done Guy content management system and randomly insert words like rutabaga into the middle of my episodes.

If you haven’t been using different passwords on different sites, now’s the time to start.


About the Author

Stever Robbins

Stever Robbins was the host of the podcast Get-it-Done Guy from 2007 to 2019. He is a graduate of W. Edwards Deming’s Total Quality Management training program and a Certified Master Trainer Elite of NLP. He holds an MBA from the Harvard Business School and a BS in Computer Sciences from MIT.