Heartbleed bug: 7 college tips to protect students

Monday, April 7, saw the discovery of Heartbleed, a security flaw in the encryption software known as OpenSSL. Heartbleed lets an attacker read the memory of affected servers, including sensitive personal data such as usernames, passwords and credit card information held there. Many popular websites that use OpenSSL have been scrambling to patch their systems against Heartbleed. College students are especially vulnerable because they frequently search the Internet and shop online. Here are some college tips for students to protect themselves.

The Heartbleed security flaw has been called the worst vulnerability found on the Internet. (Credit: Winston Ross)


College students' vulnerability to Heartbleed

While Heartbleed affects about one in five general users of the Internet, college students are more likely to be affected. Millennials and young adults age 18 to 35 use social media, search the Internet, shop online, use apps and link smartphones to the Internet more than any other demographic, according to nonprofit research group the Urban Land Institute, which “found that 45% of respondents to a survey said they spent 1 hour or more per day checking out retail-oriented sites,” according to “How Millennials Shop Online,” posted on eMarketer July 10, 2013.

Here are some tips to counter the effects of Heartbleed:

1. Check the websites you visit most often against the Heartbleed Test at http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/ to see whether each one is among the sites affected by Heartbleed and whether it has been patched.

2. Change passwords for sites that have already been patched. CNN Money suggested these patched sites: Airbnb, Bing, Google, YouTube, Gmail, Facebook, Instagram, Netflix, OKCupid, Pinterest, Wikipedia, Yahoo, Yahoo Mail, Tumblr, Flickr. Don’t yet change passwords for websites that still have a problem with Heartbleed: a new password entered on an unpatched site can be exposed the same way as the old one.

3. You don’t need to change your password on these sites (because they do not use the software Heartbleed affects): most major banks, credit cards and investment companies, as well as Amazon, Apple and iTunes, AOL, E*Trade, H&R Block, Healthcare.gov, Hulu, IRS, LinkedIn, Microsoft, PayPal, Twitter and others.

4. Choose a secure password. Use a combination of upper and lower case letters, numbers, and characters such as a hyphen. Don’t use the same password for all your logins – jumble it up a bit. Don’t use a password based on your personal information such as your name or personal identification number. Don’t use the word “password” or “password 123” as these are very common and easy for hackers to figure out. Use a password manager app to help you devise a secure password.

5. Close out old accounts. “Spring cleaning! This is the perfect opportunity to close out old accounts that you no longer use. This not only diminishes all concern surrounding its compromised password and information, but also gives crooks who otherwise accessed it, clues to get into your other accounts (like shared passwords),” suggested Generation SUNY in “Heartbleed: What Every College Student Should Know,” posted April 14, 2014, in Campus Life.

6. Watch out for phishing scams. Kellep Charles, IT security analyst at NASA, “says to be on the lookout for suspicious messages stemming from the Heartbleed bug. If cybercriminals acquired your personal information, they may use it to con you into installing malicious software on your computer. Be mindful of the warning signs of phishing scams,” wrote Callie Malvik in “Everything You Need to Know About the ‘Catastrophic’ Heartbleed Bug,” posted April 11, 2014, on the Rasmussen College blog.

Phishing emails or texts can ask for your personal information, pretend to be a bank asking for financial data, request that you fill out survey information, get you to link to another site, threaten to close your account if you don’t give personal information, direct you to fake log-in pages or use instant messaging or live chat windows to get you to give up personal information. Phishing scams often originate outside the United States, so they tend to have misspellings and grammatical errors. A legitimate website will never ask for personal information over an email or text.

7. Monitor your financial statements for suspicious activity. If you bank online, keep an eye on your bank statements, credit card statements and other financial data for any discrepancies.

What steps have you taken to protect yourself against Heartbleed?
