Advertisement

Factfinder 12 answers questions about Heartbleed & internet security

By Pilar Pedraza, ppedraza@kwch.com
Published On: Apr 11 2014 05:33:05 PM CDT
Updated On: Apr 11 2014 10:13:44 PM CDT

Many of you have heard about Heartbleed, a glitch in security software on most websites that puts your personal information at risk.

"I've just been hearing that it's a security breach that's affected... most of the internet?" said Bailey Blair.

But, how do you know if your information, especially passwords, has been compromised? And what do you do about it if it has? Factfinder 12 found answers.

Every time we get on the internet, through a computer, a cell phone or a tablet, we could be exposing our personal information to hackers because of a glitch in website security systems called Heartbleed.

"Putting it simply, it's the communication between you and the website you're dealing with," said Robbie Namee, with the Better Business Bureau. "That link between the two has been possibly compromised."

That means hackers could access your usernames, passwords, credit card numbers and any other personal information you've used during visits to the affected sites.

Heartbleed is making headlines world-wide. But many are confused on what they should do about it.

"And I don't know which sites to go to and which not to. And so far I just haven't done anything about it," said Blair.

Meanwhile, others are just waiting for a concrete answer on what to do.

"But, for me, I work in an office where we have IT people and I'm going to rely on them to tell me what I need to do," said Tom Docking. "I mean, I'm not going to start changing passwords without some guidance on what to do."

Factfinder 12 looked into Heartbleed and learned many of the major websites, like Facebook, Google and Yahoo, have already patched the problem. In those cases it's safe for you to go ahead and change your passwords.

But don't change your password until the Heartbleed problem has been fixed, because Heartbleed could allow hackers to read your keystrokes and steal your new password, too.

"Be very cautious until it's fixed," said Namee.

And some sites never had the problem. But which website is which?

"You're going to have to do a little bit more research, not just wait for someone to give you the information," said Namee.

Our partners at CNET have put together a checklist of the top 100 websites, whether they ever had problems with Heartbleed and if those problems have been fixed. It's being constantly updated.

For smaller websites not on that checklist, there's a test now available to tell you if they have the glitch.

          *CNET checklist

          *Website Heartbleed SSL test

Once you can change your password the experts say it's important to make it as strong as possible. They suggest using a combination of upper and lower case letters and numbers, substituting zeroes for O's and dollar signs for S's, and using phrases, like 'iliketofish', to make the password longer.

Advertisement