heartbleed

Making my heart bleed every time I see the news

Mark
markgs

--

IGNORE THE JOURNALISTS!!!!

Hopefully, you are sitting at work reading this, and not sat at home frantically changing ALL your passwords as advised by the mainstream media today.

What a joke.

The Heartbleed exploit has been active for a couple of years now. I won’t go into details about it; you can read the history and details just here.

Long story short, the press have picked up on this and started a scaremongering campaign, advising people to take the day off sick and change their passwords for EVERYTHING.

What utter rubbish.

In fact, by doing this, you’re actually adding risk to the situation. Here’s why:

1: You have a password. You think it might have been compromised by this exploit, but you’re not sure. You follow the media advice and go to EVERY website, and change your passwords.

2: During this process, you log in to a website that was only recently hit by the exploit, and type in your new password. Boom. If that site is vulnerable, you've potentially just given the hackers your new password. Well done there!

3: You then proceed to go to EVERY OTHER WEBSITE (!) that you’re a member of, and change your password there too. Most likely, you’ll be unsafe to start with, and use the same password. Now, not only do the hackers have your new password, they have a pretty good shot at accessing your other accounts.

4: You've lied to your employer, or wasted a day's holiday, by pointlessly panicking about your passwords being hacked, when you were probably safer before you started this exercise!

Long story short, and my advice

Do not change your passwords until you are advised to do so by the relevant companies. It is their duty to inform you if your account might have been compromised, and any good company will do this without a second thought.

IF YOU CHANGE YOUR PASSWORD WITHOUT THE WEBSITE FIXING THE EXPLOIT — YOU ARE WASTING YOUR TIME!!

Rant over, for now. Enjoy the sunshine today, and change your password if you’re advised to do so. Not before.

** Disclaimer: Of course, I assume you don’t need to worry too much, as you change your passwords often, have different passwords per site, and use a mixture of numbers, letters, other characters, right?
Thought so!

--

Software Engineer for Liverpool Football Club — Norwich City fan, Agile enthusiast, Aberystwyth Uni Graduate.