You may have heard about the “Heartbleed” bug recently. It’s a security flaw that allows hackers to steal information and passwords we all thought were secure. Here’s some information in plain English to help you make sense of the news and help protect you. Please be aware that information on this security flaw is changing rapidly, and no one knows the complete story yet.
What systems are affected by the Heartbleed bug?
Computers that you sign in to on the Internet that use SSL-Secure Sockets Layer (only certain versions of SSL are vulnerable). These sites are commonly identified by a padlock in your browser bar, and “https…” in the website address
Other systems that are affected are smartphones, computer networking equipment (switches, routers, etc.), some phone systems commonly used by businesses.
What’s threat does the Heartbleed bug pose?
The threat posed is that information we want to keep private is exposed: passwords, usernames, emails, voicemails. A hacker can even use the flaw to intercept your traffic, and pose as you to the secure server.
What sites are vulnerable to the Heartbleed bug?
Sites that have not updated their software to a newer version of SSL. Most major websites have already updated their software. If you want to check a particular website, you can click here https://lastpass.com/heartbleed
Here’s a link to a site that tracks the top 100 websites for the vulnerability http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
Some common sites that were never vulnerable: Amazon, LinkedIn, eBay, Twitter, MSN, Apple, Microsoft, Bank of America, Chase, Wells Fargo, Target.
What steps can I take to protect myself from the Heartbleed bug?
1. Log out of any secure websites. This will prevent anyone from intercepting your session. You can log back in after you’ve logged out if the site has upgraded their software.
2. Change your password for all secure websites. If your website has upgraded their software, changing your password will help protect you in case your existing password had been compromised.
3. Use different passwords for every website. Don’t make it easy for the hackers to access multiple websites by stealing just one password.
4. Keep an eye out for suspicious transactions on your bank, investment and credit card statements. Report any suspicious transactions to your financial intuition immediately.
5. Setup email, phone, or text alerts for financial transactions. Most banks and credit card companies have alerts you can setup to inform you of transactions on your account. Getting these alerts before your statement arrives can help stop fraudulent transactions.
We are not experts in SSL security, and information contained in this document may be incomplete or incorrect. We have gathered the news from sources we believe are credible, but do not warrant the information.
CNN Money. The Heartbleed bug-What You Need To Know: http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html?iid=EL
CNN: The ‘Heartbleed’ security flaw that affects most of the Internet: http://www.cnn.com/2014/04/08/tech/web/heartbleed-openssl/index.html?iid=EL
Heartbleed.com. The Heartbleed Bug: http://heartbleed.com/
Cnet.com. Heartbleed bug: What you need to know (FAQ) http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/
Contact Us now for more information and to tune-up your computer security system.
Edward Zeidan, MBA
CEO and Founder Nerd4Rent, Inc.