Report: Public Wi-Fi mostly safe from Heartbleed

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

NEW YORK (CNNMoney) — The Heartbleed Internet bug is still haunting websites worldwide, but it looks like public Wi-Fi is pretty safe.

That doesn’t mean you should start banking on an open network — that’s still dangerous. However, you can connect your laptop or smartphone at most coffee shops, hotels and airports without worrying about hackers exploiting the Heartbleed bug on a Wi-Fi router to spy on you.

Most of the Wi-Fi devices used in public spaces are made by Cisco or Ruckus Wireles, and both companies say that hardware wasn’t susceptible to the bug in security software.

The same thing goes for all Starbucks locations, as well as major airports like Denver International and Phoenix’s Sky Harbor. None of them would specify what kind of equipment they use, citing security concerns. Las Vegas’ McCarran International Airport said its wireless gear was vulnerable to the bug, but it updated its systems as soon as a fix was available.

Also safe: small businesses that use the same D-Link, Linksys and Netgear routers we use from home. None of those companies’ Wi-Fi devices were affected either.

Because Ruckus provides the wireless routers for several hotel chains and shops, many of the following locations are safe too:

Marriott Hyatt Mandarin Oriental Intercontinental Wyndham Le Pain Quotidien

Consumers can breathe a sigh of relief. But that doesn’t mean they should dismiss Heartbleed entirely. Servers at work could still be affected. And many computer systems rely on older hardware that might never be patched. A weakness somewhere is essentially a weakness anywhere. That’s why security experts say you’ll have to stay on your guard for weeks and months to come.

Change passwords often. Don’t visit strange websites. And whenever possible, use a Heartbleed checker to see if a website still vulnerable to the bug.

Here’s a handy list of major websites that have patched their systems, or never used the vulnerable security software.

Still, it’s a smart bet to assume your online communication isn’t secure unless a website specifically states it patched its systems for Heartbleed. Just about everything you do online — email, social media, banking — is still at risk. The Heartbleed bug affects gadgets everywhere. Companies are still updating firmware for their devices. Two weeks ago, there were still 150 million vulnerable apps running on Android smartphones, according to cybersecurity provider FireEye.

The danger is real. A hacker broke into Canada’s tax records with Hearbleed and managed to steal personal information on 900 people.