Friday, April 11, 2014

What is Heartbleed and what you can do about it.


mac-security-openssl-heartbleed

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic software library.

This allows stealing from protected information by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy for email, instant messaging (IM), web, and virtual private networks (VPNs).

The Heartbleed bug gives access to anyone that intends to read the memory over the Internet of systems protected by the vulnerable versions of the OpenSSL software.

Secret keys are compromised that are used to verify encrypted traffic, including names, passwords, and private information of the users content.

 

What to do about the leak

Affected sites include: Google, Gmail, YouTube, Facebook, Tumblr, Yahoo and Dropbox.  If you use any of these sites, it if strongly recommended for you to change your passwords immediately.

If you are running a vulnerable version of OpenSSL, you are at risk.  Fixed OpenSSL has been released and is deploy-able.

If you use password protection sites that hold all your passwords in a single place like LastPass, please update your passwords there as well.

Attackers are able to eavesdrop on communications and easily steal data.  User-ids, passwords, credit-card numbers, and everything you place online is open for hackers to access.

Google told MailOnline: “The security of our users’ information is a top priority.  We fixed this bug early and Google users do not need to change their passwords.’

While some experts are advising users to change all their passwords across every site they have an account for.



heartbleed-checklist

CNet has an updated list, Heartbleed bug: Check which sites have been patched, for the 100 most popular Web sites.

When creating passwords, always use the two-factor authentication.  The extra step is tremendously safe and worth it.

You can also follow these steps to clear your browsers’ cache, cookies, and history:
Chrome:
  • In the browser bar, enter: chrome://settings/clearBrowserData
  • Select the items you want to clear. For example, Clear browsing history, Clear download history, Empty the cache, Delete cookies and other site and plug-in data.
Firefox:
  • From the Tools or History menu, select Clear Recent History.
  • From the Time range to clear: On the drop-down menu, select the desired range; to clear your entire cache, select Everything.
  • Click the down arrow next to “Details” to choose which elements of the history to clear. Click Clear Now.
Internet Explorer 9 and higher:
  • Go to Tools (via the Gear Icon) > Safety > Delete browsing history….
  • Once there, choose to delete Preserve Favorites website data, temporary Internet files, and cookies.
There is no quick fix for Heartbleed, take time and change your passwords.  That is the best preventative measure you can take.

You can check a website here to see if they’ve patched the hole.

If you are still unsure on what to do, give us a call today! Don’t go through the weekend not knowing if your are secure or not, call 619-325-0990.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
How to protect yourself in Heartbleed’s aftershocks – ZDNet
http://www.zdnet.com/how-to-protect-yourself-in-heartbleeds-aftershocks…
How to recover from Heartbleed – ZDNet
http://www.zdnet.com/how-to-recover-from-heartbleed…
The Heartbleed Bug – Heartbleed
http://heartbleed.com/
Heartbleed was an accident: Developer confesses to causing coding error and admits its effect is ‘clearly severe’ – Mail Online
http://www.dailymail.co.uk/sciencetech/article-2602277/Heartbleed-accident-Developer-confesses-coding-error…
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)