Update to our Heartbleed Posting:
A recent article from zdnet.com revisited the Heartbleed bug, which was discovered by a Google engineer and caused worldwide panic a couple of months ago. The bug is a security flaw in OpenSSL that can leak login details and passwords.
When the news of the bug was made public, around 600,000 servers were vulnerable. One month after the discovery, about half of the servers had been patched. The ZDNet article states, however, that over 309,000 remain unprotected. Even though the top few thousand companies have now protected their online presence, many smaller firms have not. It appears that smaller companies have stopped trying to patch systems.
So what do you do to protect yourself?
- Use a checker to find out whether a website is vulnerable.
- Use different passwords for each online account or a password manager.
Read our original post below on the Heartbleed bug for information and advice.
You have probably heard of the Heartbleed Bug, which made headlines last week and instilled fear in everyone using the internet. More all-encompassing than the Cryptolocker Virus, which we have written about on this blog, the Heartbleed Bug has been around for a few years but only recently made the news.
The Heartbleed Bug is the result of a major flaw in OpenSSL, one of the most popular cryptographic libraries in use, and it is said to have left more than two thirds of the world’s web servers vulnerable. Within 48 hours of the news breaking about the bug, most servers had installed patches. Affected services included Facebook, Instagram, Twitter, Pinterest, Google, YouTube, Gmail, Foursquare, Flickr, Tumblr, Yahoo! Mail, GoDaddy, Amazon Web Services, Dropbox and OkCupid.
The bug can allow hackers to decrypt all kinds of personal and sensitive data, including passwords, credit card information and email addresses. At first, users were warned to stay away from sites such as Yahoo! and OkCupid, but most of these sites have now installed patches and updated their SSL certificates. It is important that they do both before you change your password. You can find many sources online (such as LastPass) to check that your service provider has updated certificates with the latest version of SSL. At Waytek, we have helped many of our customers with testing for vulnerability to this bug.
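The certificate half of that check, as an added example (not Waytek's or LastPass's code): it compares a site's certificate start date with the public disclosure date of Heartbleed, 7 April 2014, which is an assumption brought in here and not stated in the post. The function names and the two sample certificates are constructed for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

# Assumption: public disclosure date of Heartbleed (not stated in the post).
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed sample certificates, shaped like ssl.getpeercert() output.
OLD_CERT = {"notBefore": "Mar 12 00:00:00 2013 GMT"}
NEW_CERT = {"notBefore": "Apr 10 00:00:00 2014 GMT"}


def cert_issued_at(cert):
    """Return the certificate's notBefore time as an aware UTC datetime."""
    seconds = ssl.cert_time_to_seconds(cert["notBefore"])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def advice(server_patched, cert):
    """Apply the post's rule: patched AND new certificate before a password change."""
    if not server_patched:
        return "wait: server not patched"
    if cert_issued_at(cert) <= DISCLOSED:
        # A key exposed before the patch may still be in use with this certificate.
        return "wait: certificate predates disclosure"
    return "ok: change password"


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated certificate a live server presents."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # server_patched must come from a Heartbleed checker; here it is assumed True.
    print(advice(True, fetch_cert(sys.argv[1])))
```

The start date is only a heuristic: it shows when the certificate's validity begins, not whether the private key behind it was replaced.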
The Heartbleed Bug is a rude awakening and a reminder to update passwords. The Atlantic (April 9, 2014, "The Five Things To Do About The New Heartbleed Bug") recently wrote on the "Basic Rules of Password Life", which serve as a good reminder in light of Heartbleed:
- Err on the side of changing your passwords.
- For sites you care about, never use a password you have used somewhere else.
- Use a password manager to avoid going crazy.
- Use two-step security systems.
The more cautious you are, the less vulnerable you will be to security breaches. Contact us with any questions or for any help you may need in protecting yourself from Heartbleed.