Sunday, April 27, 2014

Heartbleed follow-up

Overview of events
On Monday, April 7th, a serious vulnerability was identified in OpenSSL, one of the most popular implementations of the SSL protocol. SSL is a very important security protocol used throughout the Internet. Not only does SSL encrypt your online communications, but it also helps ensure you are connecting to legitimate websites when you do things like shop or bank online.


What it does
The Heartbleed vulnerability allows a hacker to connect to a webserver and harvest sensitive information, which may include your login and password. If an attacker were able to harvest such information, they could use it to log into any of your accounts that use the same username and password. Most sites, including Facebook, Yahoo and CNN, were affected.


Steps you should take
There are several steps you can take to protect yourself. Not only will these steps help protect you against the Heartbleed vulnerability, but they will also help protect you against many other attacks in the future.

· First, change your passwords on websites that you know were vulnerable and have patched the vulnerability, starting with your most important accounts. If you do not know whether a website was vulnerable, go ahead and change your password anyway. This is a great time to update your passwords and improve your online security.
· Make sure that when you update your passwords you use strong, hard-to-guess passwords. In addition, if the website supports something called two-step verification, enable it. This is an additional step that helps make your online account more secure. Finally, if your account has personal questions, we recommend changing the answers.
· Make sure you are using a separate, unique password for each of your online accounts. That way, even if one website is compromised, all of your other accounts will still be safe. Can’t remember all of your passwords? Congratulations, that means you are using strong passwords. We highly recommend you use this opportunity to start using a password manager that stores all of your passwords securely. These are great tools that can not only simplify your online activities, but also help make them far more secure.
· Do not forget your email clients. If your email client, such as Outlook or Apple Mail, is using SSL to connect to your mail server, you may need to change those passwords as well.

Have a safe day


Wednesday, April 16, 2014

Heartbleed bug leaves everyone heartbroken


We all thought that April 8, 2014, would go down in computer history as the day when one of Microsoft's most beloved products reached the end of support.

As it turns out, we were wrong, as that expected occasion was overshadowed by an unexpected event: the public revelation of a bug that affects OpenSSL, one of the most widely used implementations of the SSL and TLS protocols and, thus, a wide array of operating systems and applications, computers and Internet-of-Things devices, smartphones and tablets.

OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating systems and apps, sports a critical vulnerability that can easily be misused by attackers to impersonate online services and steal information users believe to be protected by SSL/TLS.

What's even worse is that such an attack leaves no physical trace in the logs, so it's impossible to tell whether the vulnerability - dubbed the "Heartbleed Bug" by the Codenomicon and Google researchers who identified it - has been exploited in the wild since it was first introduced in December 2011.


Monday, April 14, 2014

So I am getting bombarded with calls, emails and text messages with the following topics.

XP is no more. What do I do? 
Simple answer. Buy a new computer, laptop or tablet with Windows 7 or 8.1. XP is 12 years old and you most likely have an old computer that is at least 7 years old. Windows 7 will not run on that hardware. I could recommend you look at Tiger Direct or Dell for the best deals.

Heartbleed... What do I do?
At this point in time most sites have updated their sites and remediated their vulnerabilities. This would be a good time to change your passwords on all the sites you have an account with. Also, you may want to look at a password manager and keep a record of all your usernames/passwords. Yes, you should not be using the same account credentials for all your sites. Just think about it... If you use the same account for your email as you do for your banking site, then a hacker could easily access all your accounts and god knows what happens from there.
The best free password program I could recommend is KeePass.
As always, feel free to contact me with any questions or comments.

Thanks
Joe

