Just yesterday several old college friends, my sister, my brother, and my parents all emailed me about this huge OpenSSL bug – Heartbleed. They were wondering what it meant for their own privacy.
My quick advice: change your passwords everywhere, but understand that Yahoo and Google are still patching servers. Any emails encrypted with Virtru since our launch in January are safe.
I responded to all of them with a Virtru-secured email, and this is what I wrote:
Heartbleed is important, but there’s no reason to believe that you personally have been targeted. What Heartbleed really means is that someone could have access to the last two years of your encrypted traffic to several websites including Facebook, Google, and Yahoo. If they had an interest in storing this data and they took advantage of the Heartbleed vulnerability then it is very likely that everything you’ve done online has been compromised.
Think of it this way. If you knew about Heartbleed over the past two years then you had an easy way to unlock every door without being traced. Governments, hackers – if any of them understood this vulnerability then that little padlock in your browser meant nothing to them.
Should an individual panic about this encryption bug? Is it time to retreat into the mountains and stop using the internet? I don’t think so, but everyone should take immediate action to address the real risk that all of your encrypted communications for a two-year window are an open book.
For the record, Virtru emails we’ve exchanged since January are not affected by Heartbleed. The engineers are very focused on the latest developments in encryption and they turned on something called Perfect Forward Secrecy in January before the service went public. If I’ve sent you emails on Virtru since our launch they’ve been secure all along.
I do recommend that you change your passwords – everywhere. Here’s just a small list of services that we know were affected which I’m certain you all use:
As far as services that were not affected:
Again, change your passwords and start taking a few extra precautions for securing your information. This isn’t the first or last bug we’ll find in encryption software, but it certainly is the biggest I’ve ever seen. If you send information that you want secured, take extra steps and use Virtru as an extra level of protection.