Thursday, April 10, 2014

Heartbleed


What in the world is Heartbleed??

I'll let Bret Molina from USA Today explain:

"It's a major bug that affects the technology used to encrypt sensitive information. Ever log in to e-mail or your banking account and notice the "HTTPS" and green lock? That's SSL/TLS, and OpenSSL is among the most popular variants of it.

Heartbleed is a leak in that system that lets anyone read the memory of servers running OpenSSL. "This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content," reads a statement from a Heartbleed website set up by Codenomicon to explain the bug. "This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

Codenomicon says it's not clear whether the vulnerability has been abused, but since Heartbleed has been exploitable for a long time, it's difficult to determine whether any service is completely safe."

To read more of his advice (which I would advise), click through this article. He says to wait to change your passwords until the website lets you know that it has fixed the security breach and is safe again. To make sure that the website is safe and know that you should change your password, go through this tutorial from The Mac Observer. The end of this guide from SiteProNews tells you how to make a safe password.

Check your accounts and look through this website list from Mashable that has the affected services on it. Be careful with your information online!

No comments:

Post a Comment