‘Heartbleed Bug’ – What You Need to Know
It's been a little more than a week since the vulnerability created by the "Heartbleed Bug" was reported to the public. Here is what you need to know to protect yourself.
WHAT IS HEARTBLEED?
Heartbleed is basically a programming mistake that leaves different types of Internet data open to hackers. More simply put, Heartbleed is a bug. Unfortunately, it’s a bug that lives in a piece of security software called OpenSSL, which almost every single secure website in the whole cyber world uses. Do you see a little padlock in the address bar of your browser? If yes, that’s OpenSSL.
WHAT IS HEARTBLEED GOING TO DO? AM I GOING TO DIE?
The Heartbleed bug has allowed attackers to grab random bits of information from various web servers. This information could include usernames and passwords, encrypted keys that shield some content from unwanted eyes, or even coded "certificates" that many websites, like BANKS, use to verify that they are who they say they are. Basically, Heartbleed means that there’s a little hole in this whole process, giving cyber criminals potential access to this information while it’s in transit.
One day you will die; however, it will not be related to the Heartbleed bug. If your actual heart is bleeding, you are going to need a lot more help than I can offer.
IS HEARTBLEED COMING AFTER ME?
How many sites do you use with that little padlock? Lots of them? Yes? Then it’s coming after you.
WILL EVERYTHING BE ALRIGHT?
- Everything is going to be alright. Follow these steps below, and pay attention to website updates about fixing the bug, which should not take very long, because they’re all pitching massive fits right now.
- Try to avoid using any sites that have been affected by Heartbleed UNTIL internet overlords have fixed the problem. Don’t change your passwords until this has happened, because your new ones will be just as at risk as your existing ones. The sites below are now fixed.
- If you changed your password for any of these sites before 4 days ago (4/10/14), they may not have implemented the new security fix yet, and that means it’s a really, really, REALLY good idea to change it again.
- Apple’s desktop and mobile operating systems are NOT affected by the OpenSSL vulnerability BUT sites you go to could be.
- Google's mobile operating system, Android, is affected by the Heartbleed bug, but only on devices running Android 4.1.1 Jelly Bean. Android devices running 4.1.2 or higher are in the clear.
SITES THAT WERE AT ONE TIME PRONE TO HEARTBLEED (Just a few of many)
WHAT SHOULD I DO?
You are strongly urged to change your PERSONAL passwords to sites and logins such as:
- Google (Gmail, YouTube, Google+)
- Personal WordPress sites
- Your banking passwords
HOW CAN I CHECK A SITE FOR HEARTBLEED?
To check a site, you can use this Heartbleed Checker here:
We spoke to Matt Keathley with Tri-State Computer repair and asked him to explain how Heartbleed works in layman's terms. He said:
"Say for instance a criminal used Heartbleed and got your password at a mustang enthusiasts forum you read a few times. Well, now they know your password and username for that site. Your username is often your email address, so they know that now as well. So they will use that information to try to log in to your email account. If it was the same password, they will get in. Even if the site was not affected, it's important to change your password anyway, BECAUSE a lot of folks have accounts on multiple sites, sometimes even accounts they forgot about, and most people use the same password on several sites at once."
PASSWORD TIPS: (from my IT guru Troy)
A strong password:
- Is at least eight characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete word.
- Is VERY different from previous passwords.
A password might meet all the criteria above and still be a weak password. For example, Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.
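The four criteria above can be checked mechanically. The following is an added example, not part of the original article or Troy's tips; the function name, the small constructed word list, and the 0.6 similarity threshold standing in for "VERY different" are all assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample word list (assumption); a real check would load a
# full dictionary file instead.
SAMPLE_WORDS = {"hello", "password", "mustang", "birthday",
                "badminton", "december"}


def check_password(password, identity_terms, previous_passwords,
                   words=SAMPLE_WORDS, max_similarity=0.6):
    """Return the criteria from the list above that the password fails.

    identity_terms: user name, real name, company name (any may be empty).
    previous_passwords: earlier passwords the new one must differ from.
    max_similarity: assumed cut-off for "VERY different" (0 = no overlap,
    1 = identical); the article gives no number.
    """
    failures = []
    lowered = password.lower()

    if len(password) < 8:
        failures.append("shorter than eight characters")

    # Case-insensitive substring match against each identity term.
    if any(t and t.lower() in lowered for t in identity_terms):
        failures.append("contains user name, real name, or company name")

    # A complete dictionary word anywhere inside the password.
    if any(w in lowered for w in words):
        failures.append("contains a complete word")

    # Changing one character of an old password is not "very different".
    for old in previous_passwords:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            failures.append("too similar to a previous password")
            break

    return failures


if __name__ == "__main__":
    # The two passwords discussed above, with constructed identity data.
    for candidate in ("Hello2U!", "H3ll0 2 U!"):
        print(candidate, "->", check_password(candidate, ["jsmith"], ["Summer2013"]))
```
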
Help yourself remember your strong password by following these tips:
- Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
- Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December, 2004 could become Mi$un's Brthd8iz 12124 (it's OK to use spaces in your password).
- Relate your password to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.