Friday, April 18, 2014

Heartbleed Bug Security Caution: Time to Update Your Passwords

It isn't bad enough that every time we turn around, a new virus is out there lurking, trying to work its way into our system.  Now, there is also something else going on out there to potentially cause a security risk.  Have you guys heard of the Heartbleed bug?  Like I needed something else this past week to worry about!  Sheesh!  Anyway, according to the Heartbleed website, the Heartbleed bug is a:
"serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users." (http://heartbleed.com, paragraphs 1 & 2).
“In short, the bug means that attackers can ‘listen in’ on communications between those websites and the browsers visiting them.” (http://macdailynews.com/2014/04/09/what-to-do-about-heartbleed-a-gaping-security-hole-affecting-66-percent-of-the-internet-at-least/#7X1fL3WoUoKYsffL.99)
Basically, what this means is that the bad guys, aka hackers, can ‘listen in’ on the communications taking place between websites using OpenSSL and the browsers visiting them. This means that if you log in with a password on any of these vulnerable sites, your information may be compromised. This is all we need! If you think that it doesn't affect you because you don't have any open source software on your system, think again. If you have a blog on either WordPress or Blogger then you have been affected. Have a Gmail or a Yahoo email account? Then you've been affected. Have accounts with Facebook, Instagram, Tumblr, Pinterest, Etsy, GoDaddy, Flickr, Box, Dropbox or YouTube? Then you've been affected. The list doesn't end there. To find out what other sites have been affected, be sure to click HERE. I would also imagine that many of the stores that you have accounts with may also be affected. So YaY, that leaves me with about 100+ passwords that might need changing. How about you?

According to MacDailyNews:
“Sites that use OpenSSL will display a small ‘lock’ icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds of websites across the Internet.” (http://macdailynews.com/2014/04/10/apple-on-heartbleed-bug-iphone-ipad-mac-and-icloud-unaffected/#Gz7KKeeQyQ1JbDhL.99, para. 2)
That is a lot of sites that may have been affected.  Now note that I say, 'affected' not 'infected'.  This isn't actually a virus.  It is simply a vulnerability that may leave your system open to hackers.  This vulnerability has apparently been around for two years.  We can only hope that our systems have been secure enough to keep the bad guys out.

So take some time this week and start resetting passwords for any affected sites you may have an account with. Best to do it now before Heartbleed becomes Heartache!

Until next time,
