What Heartbleed is, and What You Should Do
What is it?
Heartbleed sounds scary by the name alone. It’s all over the news, but just what is it? What should the average Internet user do about it? Heartbleed is complicated and involves some Internet security understanding, but here we’ll strip out most of those details and get to the essentials.
Heartbleed is a bug – a mistake in security code – that has potentially allowed in-the-know hackers to exploit the problem and grab unencrypted usernames, emails, passwords, and other random sensitive information a bit at a time through small packets of data, nicknamed “heartbeats.” The bug has been around for two years, but it was only just discovered by companies Codenomicon and Google.
Who is Affected
Any “secure” website using the security software OpenSSL which had the buggy code (an update within the last two years) could potentially be compromised. Nobody knows for sure if they HAVE been compromised. It is possible that up to two thirds of the web could have this bug. There are a lot of unknowns.
Some big websites may have been affected: Yahoo, Google , and Facebook. Though these websites have already updated their software, they suggest that users still take the time to change their passwords.
Some websites never used the vulnerable software: big banks were less likely to use the open source software, Microsoft said it was unaffected, and LinkedIn seems to have been safe.
Why Should You Be Worried?
You should be worried because if someone has exploited the bug, your usernames, emails, passwords, security questions, and other sensitive information could have been available to malicious users for the past two years. If you use the same passwords (or similar passwords) on multiple sites, this could give them access to those other websites as well.
If a website with the compromised code does not update, they are still an open gate. If a website has updated but you have not changed your password, someone might have that info to use when they see fit – if someone has grabbed that info in the past, they still have it.
We don’t know how extensive the problem is – entire website databases could have been compromised. The good news is that the bug was brought it to our attention rapidly after it was discovered, allowing word to get out before the bug was exploited on a wider scale.
Recommendations
There is only so much a user can do. The biggest problems lie on the website side of things, and it is the responsibility of those website owners to update their keys. If the website has not run updates on their side, the bug can still be exploited even if you change your passwords.
Most big companies updated their software right away and recommend changing your passwords. Unfortunately, not all companies are being clear about whether or not they were vulnerable to the problem, and if they have since patched the bug.
Our recommendations are to do the following:
- Update your passwords on all of the websites you use, especially ones where you store sensitive or personal information.
- Make sure all your passwords are different – do not use the same one for each website.
- Be prepared to change your passwords again in case a site has been slow to update.
Best Practices Going Forward
It’s hard to remember many complicated passwords (and complicated passwords are the most secure), so we recommend using a program like LastPass or KeePass to keep track. While nothing is entirely failsafe, they are a lot more secure than trying to remember many simple passwords or even worse, using the same password everywhere.
It is also good practice to update your passwords periodically.
When, Not If
The internet is complex and only getting more so, and for better or worse much of it is unregulated. When it comes to any kind of security breach or data theft, expect that something could potentially happen, and work out a plan for what to do when it does.
Follow Appletree Mediaworks on Twitter or like us on Facebook. Visit our website for more information on data and security and what to do about breaches, and about what’s happening on the web.
—–
Common Sites You Should Change Your Passwords For
Password Changes Suggested (They have updated their SSL)
Facebook
Tumblr
Google/Gmail
Yahoo
Turbotax
Dropbox
SoundCloud
Okay/Don’t need to change passwords*:
LinkedIn
Amazon
AOL
Outlook/Hotmail
Paypal
Target
Most big banks
Taxes/Accounting sites (except Turbotax)
Evernote
Unclear: (Have not made an official statement – they claim to be okay, in some cases)
Twitter
Apple
Ebay
Netflix
* It can’t hurt to change your passwords anyway. Just be prepared to do it again if necessary.
Technical Details of Heartbleed: http://heartbleed.com/
Subscribe To Our E-Newsletter
Recent Articles
- The Great Phishing Scamdemic
Have you been noticing an abundance of suspicious looking emails flooding y…
- Serious Risks to Consider When Socializing Distantly
In today’s crazy world of staying home instead of visiting friends, we’ve a…
- Ten Tips on How to be Successful While Working From Home Dur
As a web developer of over 15 years, I’ve spent a lot of time working remot…
- How to Stay Safe Online During the COVID-19 Outbreak
The COVID-19 outbreak has taken the world by surprise. In these unprecedent…
- Google Images are Not Free
Images are a great way to catch eyes on your website, social media, and eve…
Social Media
- Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world... Chinese Government Holds Back Everyone’s Internet Freedom: A strong example of the problems this world faces with cyber censorship is what is going on in China. The government blocks many websit ...
- EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the... EU-US Privacy Shield Still Not Protecting Your Privacy: Still collecting bulk data, problems with the judicial redress act, and no true protection for businesses
- Copyright and Social Media: This has become a gray area. Almost everyone is guilty of... Copyright and Social Media: This has become a gray area. Almost everyone is guilty of sharing something on social media, whether it be Facebook, Twitter, or Pinterest, that was copyrighted and not you ...
- How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android How Your Devices are Tracking you and How to Stop it: Apple, Microsoft, and Android
- Being Safe while Downloading Apps: With how many apps are downloaded it is always a... Being Safe while Downloading Apps: With how many apps are downloaded it is always a good idea to stay safe while downloading. You must take precautions, learn where to download, and do your research.
- Why Labor Unions Need Member Data System: Many large organizations – specifically labor unions –... Why Labor Unions Need Member Data System: Many large organizations – specifically labor unions – struggle trying to keep their member data updated and accessible. Without a centralized dat ...
- Is Your Phone Keeping You up at Night? Our electronics tend to distract us from... Is Your Phone Keeping You up at Night? Our electronics tend to distract us from going to bed, disrupt our sleep with constant sounds, and hurt our health with their blue light.
- All About Browsers: With so many browsers out there including: Google Chrome, Mozilla Firefox, Opera,... All About Browsers: With so many browsers out there including: Google Chrome, Mozilla Firefox, Opera, and Safari, you may have a hard time choosing one. While all of them have their ups and downs you ...
- Mobile Sub-Site versus Responsive Web Design: In 2016, if your website is not mobile ready... Mobile Sub-Site versus Responsive Web Design: In 2016, if your website is not mobile ready you need to change that today. Two main ways to make your site mobile is to either have a mobile sub-site or ...
- Do Not Track: Two members of congress filed a bill called the ‘Do Not Track... Do Not Track: Two members of congress filed a bill called the ‘Do Not Track Online Act of 2015’
- Website Tips for 2016: -Fresh Up to Date Modern Websites -Easy Navigation is Key -Website... Website Tips for 2016: -Fresh Up to Date Modern Websites -Easy Navigation is Key -Website Usability -Improve Your SEO -Social Media
- Where Technology and Christmas Come Together: Check out some of the ways you can enjoy... Where Technology and Christmas Come Together: Check out some of the ways you can enjoy the Christmas festive technology and how you can share some yourself.
- How to Stay Safe While Holiday Online Shopping: Learn where to shop online, how to... How to Stay Safe While Holiday Online Shopping: Learn where to shop online, how to be secure, and best practices to keep yourself safe.
- Newsletters in the Digital Age! In a digital age sending out electronic newsletters instead of... Newsletters in the Digital Age! In a digital age sending out electronic newsletters instead of paper newsletters has become much more popular. While deciding to do your newsletter does have its downsi ...
- Safe Harbor Ruled Invalid, How it Affects You: The European Union and the Unites States... Safe Harbor Ruled Invalid, How it Affects You: The European Union and the Unites States will be meeting on December 17th to create a new agreement for the Safe Harbor. They plan to conclude this agree ...
-
- The Internet Helps in a Crisis: Everyone has heard about the recent Paris Attacks on... The Internet Helps in a Crisis: Everyone has heard about the recent Paris Attacks on November 13th many dead, wounded, or stranded. Many companies have made use of the Internet in a time of crisis to ...
- Advertising Online for your Business: Advertising your business online can boost your sales and website... Advertising Online for your Business: Advertising your business online can boost your sales and website traffic if done the correct way. There are many different ways and places to advertise online
- Using Analytics for Your Business: Analytics is data analysis that usual involves taking past data... Using Analytics for Your Business: Analytics is data analysis that usual involves taking past data to find trends and effects or decisions or events. It can also compare old data with new data using a ...
- The NSA and Online Privacy: Many studies, cases, and documents show that the NSA is... The NSA and Online Privacy: Many studies, cases, and documents show that the NSA is spying on American citizens using online surveillance. As an American, this invades our Freedom of Speech and our Ri ...
- BrandiGirlBlog published this great chart of color and size conversions between inches and pixels, etc.... BrandiGirlBlog published this great chart of color and size conversions between inches and pixels, etc. MonaRaeBeads.etsy.com ★ || CHARACTER DESIGN REFERENCES | キャラク& ...
- Learn About Scam Emails: Scam emails are a very popular and while most email services... Learn About Scam Emails: Scam emails are a very popular and while most email services have a spam sorting feature built in, not all will be sorted properly. Scams can look like they came from a friend ...
- Google Event, the Good and Bad: Google held their press event on Tuesday, September 19th... Google Event, the Good and Bad: Google held their press event on Tuesday, September 19th in San Francisco announcing many new products such as the Nexus 6P and 5X, the new Chromecast 2, Chromecast Aud ...
- Prevent Malware on your Smartphone: Different malware includes adware, bug, spyware, Trojan horse, virus, and... Prevent Malware on your Smartphone: Different malware includes adware, bug, spyware, Trojan horse, virus, and many more (Learn more about Malware types ) There are some signs that your phone is being ...