/

‘Heartbleed’ bug: How to lower the risks

AP

The “Heartbleed” bug has caused anxiety for people and businesses. Now, it appears that the computer bug is affecting not just websites, but also networking equipment including routers, switches and firewalls.

The extent of the damage caused by the Heartbleed is unknown. The security hole exists on a vast number of the Internet’s Web servers and went undetected for more than two years. Although it’s conceivable that the flaw was never discovered by hackers, it’s difficult to tell.

There isn’t much that people can do to protect themselves completely until the affected websites implement a fix. And in the case of networking equipment, that could be a while.

Here are three things you can do to reduce the threat:

• Change your passwords. This isn’t a full-proof solution. It’ll only help if the website in question has put in place required security patches. You also might want to wait a week and then change them again.

• Worried about the websites you’re surfing? There’s a free add-on for the Firefox browser to check a site’s vulnerability and provide color-coded flags. Green means go and red means stop. You can download it at: addons.mozilla.org/en-U.S. /firefox/addon/heartbleed-checker/

• Check the website of the company that made your home router to see if it has announced any problems. Also be diligent about downloading and installing any software updates you may receive.

Both Cisco Systems Inc. and Juniper Networks Inc. continue to advise customers through their websites on which product is still vulnerable, fixed and unaffected. Darren Hayes, professor of security and computer forensics at Pace University, praises Cisco and Juniper for being upfront with customers. He cautions, though, that many other companies make similar products that likely have the bug, too, but haven’t come forward to say so.