Top tips from the Institution of Engineering and Technology (IET) to combat the Heartbleed bug
The Heartbleed bug is a serious software defect that affects the security of websites, email and other internet-based services. There is a lot of conflicting advice on how to deal with the bug. Hugh Boyes, Cyber Security Lead at the Institution of Engineering and Technology (IET), sets out five simple steps on how to protect yourself.
1. Change your passwords – but only after the affected website operators and ISP have implemented the patch to fix the bug. Changing your password before the bug is fixed could compromise your new password.
2. Regularly change your passwords. Depending on how sensitive the application/website is, passwords typically ought to be changed monthly or quarterly.
3. Don’t reuse the same passwords on different websites. Try to use a separate password for each website.
4. Use strong passwords, which are at least eight characters long, are not dictionary words or names and include at least one character from the following groups:
o upper case letters
o lower case letters
o numbers
o special characters, such as punctuation and mathematical symbols (although some websites will not accept these).
5. Always make use of all authentication options on offer, e.g. a password and letters from a memorable word, or use of a security token or texting a PIN.
Hugh continues: “This incident reinforces the need to significantly improve the quality of software engineering and programming. The failure to detect this bug through code inspection or testing, prior to its deployment to live systems, means that organisations using the code are failing to protect their customers. That is why initiatives like the Trustworthy Software Initiative (TSI), which aims to make software better by encouraging and promoting software engineering good practice, are so important.”