How To Protect Yourself From This New Terrifying Security Flaw Called 'Heartbleed'

This photo illustration shows hands typing on a computer keyboard on Wednesday, Feb. 27, 2013. Security threats aren't new and have long been part of online life. But the increased attention on them offers a good time to review ways you can protect yourself. (AP Photo/Damian Dovarganes)

There's a big problem with one of the tools used to protect your data as it travels over the Internet.

The bug, revealed on Monday by security researchers at Google and at an independent firm called Codenomicon, is called Heartbleed, and it compromises at least 66 percent of active websites, according to the team that discovered it.

Whenever data (passwords, usernames, etc.) is sent through the Internet, it gets encrypted, or turned into a code, so hackers can't access it. What makes the Heartbleed flaw truly scary is that it can allow hackers to break that encryption and access your emails, passwords, documents and instant messages across such a large swath of the Internet. Though just discovered, this bug has likely existed for two years.

In short, it's a nightmare. So how can you protect yourself now?

You can and should check to see if websites you frequent have been impacted by the bug before you visit them again. You can download this Chrome extension, Chromebleed, that warns you when a site you're visiting has been affected.

You can also plug in a website to check if it's impacted on this webpage set up by Italian security consultant Filippo Valsorda. This test is not foolproof though, so don't rely on it alone.


Two sites that are known to have been impacted are Yahoo and Amazon, though both have said that they are in the process of fixing the vulnerability on their ends. (According to Valsorda's site, Yahoo and Amazon have already been patched.) OkCupid has also been affected by Heartbleed.

What else should you do? Watch your bank and credit card statements for unusual activity, since that information could be accessed by hackers. Some sites, like the tech news outlet Ars Technica, are asking users to change their passwords. Don't go around changing all of your passwords unless a site directs you to, though. Too much password changing could "exacerbate the problem," security experts tell CNET.

If you're especially paranoid, you might be best off just staying offline for a few days. "If you need strong anonymity or privacy on the Internet, you might want to stay away from the Internet entirely for the next few days while things settle," wrote Roger Dingledine, the president of Internet anonymity software company Tor.

Ultimately, it's up to the Internet companies we use and trust to fix the bug, so there's not a ton you can do on your own to combat it. "Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use,", a site set up to explain the security flaw, reads. Until a site installs a fix, we're all left vulnerable.