Showing posts with label password protection. Show all posts
Showing posts with label password protection. Show all posts

Friday, April 11, 2014

What is Heartbleed and what you can do about it.


mac-security-openssl-heartbleed

The Heartbleed Bug is a vulnerability in the OpenSSL cryptographic software library.

This allows stealing from protected information by the SSL/TLS encryption used to secure the Internet.
SSL/TLS provides communication security and privacy for email, instant messaging (IM), web, and virtual private networks (VPNs).

The Heartbleed bug gives access to anyone that intends to read the memory over the Internet of systems protected by the vulnerable versions of the OpenSSL software.

Secret keys are compromised that are used to verify encrypted traffic, including names, passwords, and private information of the users content.

 

What to do about the leak

Affected sites include: Google, Gmail, YouTube, Facebook, Tumblr, Yahoo and Dropbox.  If you use any of these sites, it if strongly recommended for you to change your passwords immediately.

If you are running a vulnerable version of OpenSSL, you are at risk.  Fixed OpenSSL has been released and is deploy-able.

If you use password protection sites that hold all your passwords in a single place like LastPass, please update your passwords there as well.

Attackers are able to eavesdrop on communications and easily steal data.  User-ids, passwords, credit-card numbers, and everything you place online is open for hackers to access.

Google told MailOnline: “The security of our users’ information is a top priority.  We fixed this bug early and Google users do not need to change their passwords.’

While some experts are advising users to change all their passwords across every site they have an account for.



heartbleed-checklist

CNet has an updated list, Heartbleed bug: Check which sites have been patched, for the 100 most popular Web sites.

When creating passwords, always use the two-factor authentication.  The extra step is tremendously safe and worth it.

You can also follow these steps to clear your browsers’ cache, cookies, and history:
Chrome:
  • In the browser bar, enter: chrome://settings/clearBrowserData
  • Select the items you want to clear. For example, Clear browsing history, Clear download history, Empty the cache, Delete cookies and other site and plug-in data.
Firefox:
  • From the Tools or History menu, select Clear Recent History.
  • From the Time range to clear: On the drop-down menu, select the desired range; to clear your entire cache, select Everything.
  • Click the down arrow next to “Details” to choose which elements of the history to clear. Click Clear Now.
Internet Explorer 9 and higher:
  • Go to Tools (via the Gear Icon) > Safety > Delete browsing history….
  • Once there, choose to delete Preserve Favorites website data, temporary Internet files, and cookies.
There is no quick fix for Heartbleed, take time and change your passwords.  That is the best preventative measure you can take.

You can check a website here to see if they’ve patched the hole.

If you are still unsure on what to do, give us a call today! Don’t go through the weekend not knowing if your are secure or not, call 619-325-0990.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

References:
How to protect yourself in Heartbleed’s aftershocks – ZDNet
http://www.zdnet.com/how-to-protect-yourself-in-heartbleeds-aftershocks…
How to recover from Heartbleed – ZDNet
http://www.zdnet.com/how-to-recover-from-heartbleed…
The Heartbleed Bug – Heartbleed
http://heartbleed.com/
Heartbleed was an accident: Developer confesses to causing coding error and admits its effect is ‘clearly severe’ – Mail Online
http://www.dailymail.co.uk/sciencetech/article-2602277/Heartbleed-accident-Developer-confesses-coding-error…
Posted by at No comments:
Labels: , , , , ,

Thursday, January 23, 2014

Is Password Protection not a Big Deal to You?

Common-Password-Protection


Last year was a big year concerning password protection.  We saw Target and Adobe get hacked, a slue of malware on the internet, phishing scams all over social media sites and even our own personal emails filled with spam.

If password protection is still not a big deal to you, then you should think again.

You would think after seeing major corporations hacked and personal security being compromised, we would take more time creating passwords that aren’t so simple to crack.

The most commonly stolen passwords are still “123456″ and “password”.  This doesn’t only mean “123456″ and “password” is the easiest for cybercriminals to guess, but those are the most common passwords used by people!

“123456” is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of “password.” – Splashdata Security Firm

Weaker passwords are much more susceptible to brute-force attacks.  Hackers first off attempt to access accounts through rapid guessing.


Password-Protection-List


Even though common words and phrases are easier to remember, they are also easier for hackers to determine.  Some people tend to replace similar looking words with letters (like “3″ instead of “E”, or “0″ instead of “O”).  Although, it is good to put a variation of characters into your password, this is still not an effective strategy, at least for sensitive accounts.

There are many password management programs that can you can extremely benefit from.  Try LastPass, KeePass or SplashID.


These programs will maintain all your accounts and all you have to do is remember one master password.
Here is a full list of the worst passwords in 2013:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

If you have an account with any of these passwords, consider it a major fail.  Please change your password immediately.

As more people are doing their banking, bill paying, and buying items online, this problem is only getting worse.

How secure is your password protection?  Tell us what you think in the comment section below!

References:

The 25 worst passwords of 2013: ‘password’ gets dethroned – PC World
http://www.pcworld.com/article/2089244/the-25-worst-passwords-of-2013-password…

’123456′ assumes the ‘worst password of 2013′ throne – Fox News
http://www.foxnews.com/tech/2014/01/21/worst-password-2013-named/
Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)