Security

More On Heartbleed And The Steps You Need To Take

We have been receiving a lot of calls from our customers lately asking about Heartbleed. People are asking what it is, and how they can protect themselves. Below is a description of Heartbleed, and what you need to do to start regaining your internet security.

What steps should you take?

Heartbleed needs to be taken VERY seriously, and as a result the steps to start solidifying your internet security again are going to be cumbersome.

“Due of the complex nature of this vulnerability, changing your passwords before sites update their version of OpenSSL won’t fully protect you.

Here are some simple steps you can take as a precaution:

  • Change your passwords on any website that contains sensitive information about you. You should first confirm that the site does not contain the Heartbleed vulnerability by using this tool HERE.
  • If you’ve reused passwords on multiple sites, it’s especially important to change them.To change your Norton Account password, visit manage.norton.com and click Account Information.
  • Beware of phishing emails and type website addresses directly in your browser instead of clicking on a link through an email.
  • Monitor your bank and credit card accounts for unusual activity.

We recommend you only exchange personal or sensitive information such as your credit card number if the site is not affected by Heartbleed.” – Norton Antivirus

Read on to find out more on Heartbleed.

What is Heartbleed?

Heartbleed is a bug that was discovered with the way private information is encrypted over the internet. When you are accessing a website, your computer is communicating with it by both sending and receiving information back and forth. Majority of the time this is done through a security tool known as OpenSSL. Heartbleed is the name of the bug that has shown to be a flaw in the way this process works, and in turn made all of this information that has been sent between the internet and your computer visible and accessible to anyone who is looking for it.

What makes the Heartbleed Bug unique?

Most bugs come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

What type of people and websites are affected by Heartbleed?

Over 80% of all websites on the entire internet have been affected by this bug. The result leads to a terrifying number of people who have been affected or at least susceptible to it. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services. In fact, since over 90% of people on the internet have been  vulnerable to it, Heartbleed is now known as the most catastrophic thing that has happened on the internet since it’s creation. To reiterate, banks, social media, news websites, blogs, e-mail, and websites with streaming content have all been affected thus making you the consumer vulnerable. Below is a very small list of some of the websites that have been affected.

 

A SMALL checklist from Mashable.com of some of the major sites affected by Heartbleed

Mashable

Infoworld

Heartbleed

Norton Symantec

 

 

 

 

Advertisements

Heartbleed Rated as Most Catastrophic Internet Bug of All Time

The Heartbleed Bug

The Heartbleed OpenSSL vulnerability is a complete nightmare. What’s even worse is how limited you are in protecting your information. Since most who are affected by the bug are what’s known as an “end user” (The person who actually uses a particular product.) The responsibility to fix this mammoth issue is the person who manages the web service or manages the back-end service that the web service uses. ( over 500,000 websites so far )

So what does all of this mean, and why is it so bad? First we need to start with explaining the importance of OpenSSL. OpenSSL is a enormous part of the internet that everyone uses. OpenSSLis essentially a form of encryption that encodes everything your computer is sending to a website, in turn the website receiving it has encryption keys to decode this information and translate it back into useful information. This information can be ANYTHING from Usernames and passwords, to social security numbers and credit cards. On a scale from 1 to 10, this is a 20 in the magnitude of bad things that can happen on the internet. Furthermore, this enormous security threat has been around since December 2011! That’s over 800 days of everything you have sent on the internet that has the potential to be stolen. One of the most terrifying parts about all of this is that this entire bug has an astronomical amount of potential points that it can spread to. Most of us use the same password or set of passwords for most everything we do, so if at some point over the existance of this bug your password was recorded, you will not only have to change the password on the site it was recorded on, but all other sites with the same password.

What you CAN do against Heartbleed: 

Check out:

Mashable.com for a huge list of what has been affected and passwords you should change.

lastpass.com to manually search any websites that you want to check the vulnerability of

Known sites that have been affected so far:

  • Facebook (unsure)
  • eBay (unsure)
  • Tumblr
  • Google
  • Yahoo
  • Gmail
  • Yahoo Mail
  • GoDaddy
  • Amazon Web Services
  • H&R Block ( unsure )
  • Healthcare .gov
  • Intuit (TurboTax)
  • IRS (unsure)
  • Dropbox
  • LastPass
  • Netflix (unsure)
  • OKCupid
  • SoundCloud
  • Wunderlist

 

 

 

Heartbleed: New Bug Can Expose Your Internet Data

The Heartbleed Bug

Recently a bug has been discovered by the name of Heartbleed which has openly exposed usernames, credit card numbers, and passwords of which hackers might have exploited during the two years it has gone undetected. Heartbleed is being claimed as the worst bug to come out as the flaw is more than the usual security breaches that you have heard about over recent years. The main issue with Heartbleed is this time it’s in the code designed to keep servers secure. This is affecting tens of thousands of servers on which data is stored for literally thousands of websites. This is a major issue for anyone who frequents the internet, and for business owners who conduct their business through the internet as well. You can read the rest of the article HERE, and also the technical explanation about this bug and what you can do to stop it at heartbleed.com.