I love my phone.
I hate to admit it but I have fallen head over heels into a full-blown affair with my mobile device. Whether it’s calorie counting during meals, emails in bed, managing Facebook pages in the bath, Instagraming my baby corn-snake, making silly SnapChats or even trying to beat my solitaire score it’s my new partner in crime. Yes, I’ve truly become one of those people that I previously despised.
Not everyone is so keen on my new love however – besides it taking up a…fraction more of my time…some have even said they don’t trust it. Why? Well I’ve heard the same reasoning a few times now and I think I have to start taking the hint: “Turn off your GPS!!”
It’s never something that has particularly worried me…
I may be a little guilty of being slightly naïve when it comes to security – I mean, I double lock my doors behind me, hide valuables (who am I kidding, I still have a VHS for god’s sake) look over my shoulder as I type in my pin number, change my passwords every 6 months and always carry my phone on me when I’m out and about…
…but could apps like GoogleBuzz, Google Places, Foursquare and the newer ‘avoidance’ apps (deemed a stalker’s dream) be making me and maybe other consumers blissfully unaware of serious internet security issues?
It’s not just at the consumer level; new security alerts due to the Heartbleed bug – discovered by a member of Google’s security team – have revealed a number of high profile websites running OpenSSL that have been made vulnerable this week. This news means that any sites using the security encryption technology – designed to protect sensitive online transactions – could have had data compromised.
Ironically, just like the sense of potentially false security that carrying your phone around everywhere with you brings, Heartbleed has exploited the very thing that was supposed to be protecting high security service passwords, personal emails, credit card information and instant messages. Again, ironically, it’s the latest and best versions of the technology that are at the biggest risk.
What can we do?
Although a security patch has been announced, there are still many websites still catching up.
#1 Run a check
One of the best things you can do as a business, website owner or consumer is to keep an eye on who’s been affected. You can do this via the Heartbleed Checker, LastPass. This site will allow you to not only check the vulnerability of your site, but of some of your most frequented sites as a consumer.
If are self-managing an SSL encrypted site and you find that your site is vulnerable, you will have to update. Details on how to deploy the Fixed OpenSSL is available on the Heartbleed help site.
#3 Watch for the vulnerable
For the next week, keep one eye on your more sensitive online accounts like banking or webmail for any odd activity.
#4 Keep your finger on the pulse
Keep an eye on #Heartbleed news – this will keep you up to date on which businesses have been affected and which have updated appropriately.
#5 Change your passwords
Take time to change your passwords – everywhere! Again, keep an eye on the news to see if your most frequented sites have updated their security. When they have a confirmed security update, change your password.
It’s a frightening thought but if we’re not programmers or security experts, it’s not necessarily something we concern ourselves with on a daily basis. So keep your ear on the ground this week to make sure you’re doing everything possible to keep your information safe.
It’s certainly made me shudder, thinking of my personal information being poached. So maybe I should update my security – over the next week, I’m certainly changing my passwords, triple locking my doors, shielding my pin even from family members and turning off that GPS!
Not too fussed about my ‘valuables’ though (VHS player anyone?) – the only thing staying is my beloved phone – you’ll have to pry that out of my cold dead hands.