Monday, April 21, 2014

Have you heard of the Heartbleed bug?


Heartbleed is the name of a major security vulnerability that may affect nearly two-thirds of websites online. It’s a severe situation potentially exposing your login information—your username and password—and other sensitive information about you.

What is Heartbleed?
It is important to understand that Heartbleed is not a virus, but rather a mistake written into OpenSSL—a security standard encrypting communications between you, the user, and the servers provided by a majority of online services. The mistake makes it possible for hackers to extract data from massive databases containing user names, passwords and other sensitive information.

What can you do?
Unfortunately, there's not much you can do about the bug itself. The only way to fix this problem is for the vulnerable sites to update OpenSSL and reissue their security certificates.

If possible, try to avoid connecting to vulnerable sites and services until they notify you of a fix. Do not change your passwords on your favorite sites until they notify you that they have fixed the bug. If and when you do get confirmation, update your passwords as usual, but make sure they are strong.

You can test the vulnerability of specific websites here: http://tif.mcafee.com/heartbleedtest.

Now is a really good time to make sure ALL of your passwords for all sites are strong, especially the ones for your financial institutions, or websites where you have accounts that maintain credit card information, client records, or proprietary or confidential intellectual property.

Read more about the Heartbleed Bug

No comments:

Post a Comment