10 April 2014
The Heartbleed bug is a serious software defect that affects the security of websites, email and other internet-based services.
There is a lot of conflicting advice on how to deal with the bug. Hugh Boyes, Cyber Security Lead at the Institution of Engineering and Technology (IET), sets out five simple steps on how to protect yourself.
2. Regularly change your passwords. Depending on how sensitive the application/website is, passwords typically ought to be changed monthly or quarterly.
3. Don’t reuse the same passwords on different websites. Try to use a separate password for each website.
4. Use strong passwords, which are at least eight characters long, are not dictionary words or names and include at least one character from the following groups:
5. Always make use of all authentication options on offer, e.g. a password and letters from a memorable word, or use of a security token or texting a PIN.
Hugh continues: “This incident reinforces the need to significantly improve the quality of software engineering and programming. The failure to detect this bug through code inspection or testing, prior to its deployment to live systems, means that organisations using the code are failing to protect their customers. That is why initiatives like the Trustworthy Software Initiative (TSI), which aims to make software better by encouraging and promoting software engineering good practice, are so important.”