Recently, the OpenSSL project issued an emergency security advisory about an open bug called “Heartbleed,” which has since made headlines around the world. Heartbleed is a serious vulnerability in OpenSSL, which is the system used to ensure the security of about half the websites on the Internet, and it could lead to malicious hackers spying on what were thought to be secure Internet communications.
Here at Intego, we take our responsibility to protect you very seriously, and we want to provide some resources to keep you well informed. We invite all Mac and iOS users to check out the top FAQs on Heartbleed to learn how this bug may affect you.
Are Mac Users “Immune” to Heartbleed?
Reports surfaced last week stating that OS X and OS X Server are “immune” from Heartbleed. Unfortunately, as Graham Cluley mentioned in our FAQ on Heartbleed for Mac and iOS users, using a Mac does not make you safe from Heartbleed. We cannot stress this enough: while Apple products may be “safe,” encrypted data is not.
The Heartbleed bug enables the theft of information otherwise protected by SSL/TLS encryption, and it affects many of the websites and other Internet services you use. If the services use OpenSSL to help manage the flow of encrypted data, your data may be at risk whether you’re on a Mac or a Windows computer.
What You Need To Do
If you use a site that is affected, the security bug may have compromised your password, and you’ll have to change it once the bug is fixed. Before you change a password on a website, first check to see if the site is vulnerable to Heartbleed. Don’t change your password until you know the affected business has fixed its servers to remove the Heartbleed vulnerability.
When you’re ready to change your passwords, if you’re having trouble keeping track of them all, we put together a list of password managers for Mac and iOS that you can try.
Check Vulnerable Websites
You can check if a site is vulnerable by using a special search tool, here: http://filippo.io/Heartbleed
Where to Get More Information
The Wire has a great overview of Heartbleed, which points out that fixes for the flaw will take some time, because individual servers have to be fixed manually, and some people might not get around to repairing the bug for quite a while. In other words, you should take heed of Heartbleed on a site-by-site basis. Until affected sites are fixed, we strongly encourage you to stay away from those sites.
You can check to see if a site is affected by using the search tool mentioned above, or you can take a look at the list of well-known affected brands provided by Mashable.
How Else Can You Protect Your Data?
Although anti-virus software cannot protect your data after it has been entered into vulnerable websites, Intego encourages all Mac users to implement a layered approach to Internet security, which can help keep your Mac and your data safe from known malware and malicious applications.