On Monday, April 7th, a very serious internet security bug was discovered. This bug affects nearly two-thirds of all internet websites. The bug is called Heartbleed, and it is a vulnerability in the OpenSSL cryptographic library.
Everyone should know what the Heartbleed bug is, how it affects them, and what they need to do about it.
How bad is the Heartbleed bug?
Heartbleed is considered one of the Internet’s biggest security threats because it had been around for two years before it was discovered.
Even though many companies have applied patches, your information is still vulnerable. After a company applies the security patch, it is up to you to do your part to make sure your information is safe!
This bug could essentially allow attackers to gain access to highly sensitive information, including credit card numbers, usernames, passwords, and other important data.
“This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs),” reads a description of the bug on the Heartbleed.com website.
Mashable explains that the issue involves network software called OpenSSL, which is an open-source set of libraries for encrypting online services. Secure websites — with “https” in the URL (“s” stands for secure) — make up 56% of websites, and nearly half of those sites were vulnerable to the bug. In theory, a cybercriminal could have exploited Heartbleed by making network requests that could piece together your sensitive data. The good news: There isn’t any sign that a hacker caught wind of this; it seems the researchers were the first to find the problem. But the scary part is that attackers could have infiltrated these websites, extracted the information they wanted and left no trace of their presence. Thus, it’s hard to determine whether someone ever exploited the bug, or if your account information was compromised.
More detailed and technical information about the bug can be found at Heartbleed.com.
How do I know if sites I use were affected by the Heartbleed bug?
The best way to determine if a site is or has been vulnerable to the Heartbleed bug is to use the Heartbleed Checker by LastPass.
Mashable has put together a small “hit list” to help you get started, but please do not stop checking after looking over this list.
What to do after you know which sites are affected by Heartbleed
Change your password for those sites AFTER the company applies the security patch and announces that things are “all clear”. To determine when it is safe to change your password, you can continue to check the LastPass Heartbleed Checker.
If you use the same password on a site that was affected by Heartbleed and on another site that was not, then you need to change your password on those other sites too. Hackers who got your password on a vulnerable site will try to use it on other sites to attempt to gain access. Best practice is to change all of your passwords at least once a year and use a different password on each site. Yes, I know this is a very tedious and time-consuming thing to do. But a tool is available to make your life easier.
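The two rules above (change after the patch, and also change anywhere the same password was reused) can be worked through mechanically. The following is an added example, not part of the original post; the site names, passwords and the `rotation_plan` helper are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Ephemeral key: fingerprints let us group identical passwords without
# keeping or printing the plaintext, and are useless after this run.
_KEY = secrets.token_bytes(32)


def _fingerprint(password):
    return hmac.new(_KEY, password.encode("utf-8"), hashlib.sha256).digest()


def rotation_plan(accounts, affected):
    """accounts: {site: password}. affected: {site: True if already patched}
    for sites that were vulnerable. Returns {site: action}."""
    groups = defaultdict(set)
    for site, password in accounts.items():
        groups[_fingerprint(password)].add(site)

    plan = {}
    for sites in groups.values():
        exposed = sorted(sites & set(affected))  # vulnerable sites sharing this password
        for site in sites:
            if site in affected:
                # Changing before the patch would expose the new password too.
                plan[site] = "change now" if affected[site] else "wait for patch, then change"
            elif exposed:
                plan[site] = "change now (password reused on " + ", ".join(exposed) + ")"
            else:
                plan[site] = "no action"
    return plan


# Constructed sample data (hypothetical sites and passwords).
ACCOUNTS = {
    "mail.example": "hunter2-constructed",
    "forum.example": "hunter2-constructed",  # same password as mail.example
    "shop.example": "second-constructed",
    "bank.example": "third-constructed",
}
AFFECTED = {"mail.example": True, "shop.example": False}  # shop not patched yet

if __name__ == "__main__":
    for site, action in sorted(rotation_plan(ACCOUNTS, AFFECTED).items()):
        print(site, "->", action)
```

Every new password the plan calls for should be unique to its site, so that the reuse group disappears on the next run.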
How to easily manage different secure passwords for every website
Having a different password for everything is really important. However, it is difficult to remember so many different passwords. LastPass makes this easy! You only have to know one password and LastPass will do the rest! Use this link and get a month of Premium for FREE.
Devices are also vulnerable to the Heartbleed bug
In its own Heartbleed disclosures on Wednesday, Google states that Android devices running Android 4.1.1 Jelly Bean are vulnerable to Heartbleed. Google said patching information is being distributed to its Android partners. According to a Google spokesperson, millions of Android devices are running version 4.1.1.
Mashable reports that networking vendors such as Cisco, Juniper Networks, F5 Networks and Fortigate have all issued security alerts, disclosing that some of their products are affected by Heartbleed. Many Network Attached Storage (NAS) devices are also affected. Additionally, the open source router firmware projects DD-WRT and OpenWRT are vulnerable.
If any of your devices are affected by the Heartbleed bug, keep checking the manufacturer’s website for updates. Also, you may need to contact their support department for more information.
Remember, it is up to you to protect yourself and your information. Be sure to share this blog with your friends and family so they will be aware. Heartbleed can cause tremendous damage to your identity if your information is compromised. Be safe. Stay safe. Keep others safe on the Internet. Now, to share this post!
Lastpass Heartbleed Checker | Lastpass
What Is the Heartbleed Encryption Bug? | Mashable
Android 4.1.1 Devices are Vulnerable | Mashable
Networking Equipment Makers Scramble to Patch Heartbleed | Mashable
‘Heart Bleed’ Bug Imperils Web Encryption; Passwords, Credit Card Numbers at Risk | The Epoch Times
How to Protect Yourself From the Heartbleed Bug | Mashable