
April 9, 2014

Can You Protect Yourself From the Heart Bleed Bug?

Experts Recommend Internet Users Change Passwords for Sensitive Accounts


The Internet is still in a panic a full day after security researchers went public with the Heart Bleed Bug, a flaw in OpenSSL that enables hackers to steal logins, passwords and even credit card information.

The massive vulnerability in the open-source software package broadly used to encrypt Web communications means the SSL/TLS encryption that normally protects information is useless, leaving Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs) vulnerable.

Essentially, that means a lot of Internet users are affected, said the team of security engineers at Codenomicon and Neel Mehta of Google Security, who jointly discovered the bug.

“Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL,” reads a Web page devoted to explaining the massive bug.

“Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.”

But what can you do to protect yourself?

Not much, according to Vox’s Timothy B. Lee.

“Unfortunately, there’s nothing users can do to protect themselves if they visit a vulnerable website. The administrators of vulnerable websites will need to upgrade their software before users will be protected,” he wrote in a blog post.

According to news reports, Yahoo and dating website OKCupid have been affected, although Yahoo has reportedly patched the problem.

A Yahoo representative told Vox its “team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now.”

Lee said once “an affected website has fixed the problem on their end, users can protect themselves by changing their passwords. Attackers might have intercepted user passwords in the meantime … there’s probably no way for users to tell whether anyone intercepted their passwords.”

That means you should change your passwords for all sensitive sites you visit — Yahoo users especially should change their passwords. SplashData offers the following tips for choosing more secure passwords:

• Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”

• Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites as you do for online e-mail, social networking, and financial services. Use different passwords for each new website or service you sign up for.

• Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security like SplashID Safe, which has a 10-year history and more than one million users. SplashID Safe has versions available for Windows and Mac as well as Smartphones and tablet devices.

There is some good news at least: the researchers who discovered the Heart Bleed Bug informed developers behind OpenSSL a number of days before going public with the flaw, so much of the problem was fixed before word got out yesterday, according to Business Insider.

“Most major service providers should already be updating their sites, so the bug will be less prevalent over coming weeks,” the report said.

To determine if a site you want to visit is safe, check here first.



Jennifer Cowan is the Managing Editor for SiteProNews.

7 Responses to “Can You Protect Yourself From the Heart Bleed Bug?”

    Brian says:

    The SplashID product you recommend recently tried to force all its users to put their passwords in their cloud server. Making them vulnerable to exactly this kind of attack.

    Hi Brian,
    Just to clarify, we are not recommending anyone use SplashData’s products. We are simply pointing to some useful tips the company offers on choosing a strong password. Thanks for the feedback and for reading SitePro!

    Mark Shepherd says:

    Please review your decision to use a relatively low contrast font color.
    The gray is killing my eyes. I could not care less about reading your content when I have to work so hard to stay on the page!

    Hi Mark,
    We’ve darkened the text on SPN by 25 percent. Hope that helps.

    Matthew says:

    Do you think it’s a good idea to start using any kind of password managers these days? I am quite leery to after the Robo Form, Sticky Password bug appeared.

    I’m leery of them myself and have never used a password manager.

    This heartbleed case has been storming around the web. Yet many have not known of what it is about.
    Thanks, Jen, for the insightful and helpful post, especially for referring to filippo to easily do a heartbleed stuff check. ;)
