Featured

By now you have heard about the internet security problem called the Heartbleed Bug, which was discovered the first week of April.

But in case you haven’t, or just want to know more about it, let me take you through the important points.

What is Heartbleed?

HTTPS Secure pageHeartbleed is not a virus or malware, but a programming bug discovered by a member of Google’s internal security team in conjunction with a security firm called Codenomicon.

The flaw was found in software called OpenSSL which is responsible for setting up the encryption of “secure web pages”.

You’ll recall that whenever you go shopping online, or are on a web page where you are to enter private information, you need to make sure you are on a secure page. You can always tell this by looking for “HTTPS://” at the front of the page address instead of just “HTTP://” (notice there is no “S“).

OpenSSL is what causes this page to be secure.

The Heartbleed bug allows the cyber-bad-guys to make requests and access your supposedly secure data.

So you can see the problem. Hackers could exploit what we think are safe and secure sites using HTTPS.

Not all secure sites use OpenSSL, but since over 60% of sites use SSL security, and of those, almost half use OpenSSL, many security experts are saying that Heartbleed is one of the biggest security threats we’ve ever seen on the Internet.

 

What Has Happened So Far?

As of now, no one has reported any major security breaches via Heartbleed. Since it seems to have been discovered by security experts before the cybercriminals got wind of it, many companies were able to fix the problem before they were attacked.

But the bad news is, it is possible that the bad-guys could have taken advantage of the bug, taken your private information, and then left no trace that they were there.

So there is the chance that bad things have already happened.  But let’s hope not….

 

What Should You Do?

Create a Secure PassswordFirst of all, the main burden for fixing this problem lies with the secure sites themselves. Until a site fixes the problem (and yes, there is a patch for it), there’s nothing you can do.

However, once a site HAS fixed things, you’ll want to visit that site, log-in, and change your password.

(NOTE: it won’t do you any good to change your password until AFTER they have fixed the problem).

Here are links to pages that list the sites who’ve been affected by Heartbleed:

  • Mashable – Heartbleed Hit List – Although it doesn’t have every site listed, Mashable has key information about the most important sites that might affect you. And so far, they have been keeping it up-to-date.
  • LastPass Heartbleed Checker – From the makers of the LastPass Password Manager, a page where you can enter the address of a site to see if it is affected by the bug and whether it has been fixed.
  • GitHub Heartbleed Test – Another site where you can enter the address of a page to see if it’s affected.

Here is a quick snapshot of some popular sites you might use, and their Heartbleed status (as of April 11, 2014):

  • Facebook – was patched, you need to change your password.
  • LinkedIn – was not affected.
  • Google – was patched, you need to change your password.
  • Gmail - was patched, you need to change your password.
  • Yahoo - was patched, you need to change your password.
  • YahooMail – was patched, you need to change your password.
  • Hotmail/Outlook – was not affected.
  • Instagram – was patched, you need to change your password.
  • Pinterest – was patched, you need to change your password.
  • Amazon – was not affected.
  • PayPal – was not affected.
  • eBay – was not affected.
  • Etsy – was patched, you need to change your password.
  • Target – was not affected.
  • Groupon – was not affected.
  • WalMart – was not affected.
  • DropBox - was patched, you need to change your password.

 

To Summarize…

Heartbleed seems to be a perfect example of what you should always know about the Internet…  that there is no such thing as 100% security or safety.

ToDo ChecklistThat being said, I think the good news about all this hoopla is that it raises our sense of awareness about Internet security, but also shows that behind the scenes, there are companies who are watching out for these kinds of bugs in hopes of keeping the bad-guys at bay.

So again, here is what you should do about Heartbleed:

  1. Visit one of the pages I listed above to see if a site you use has been affected.
  2. See if the site has fixed / patched the problem.
  3. If it has, login to that site and change your password.

By the way, CLICK HERE to read an article I wrote about creating the best passwords.  This might be a good time to setup a new, GOOD one!

For more information, the company that helped discovered the flaw, Codenomicon, has setup an information page you can CLICK HERE to see.  Some of the information is a bit geeky, but it’s very complete.

As always, I would love to hear your comments about the subject. You can leave them below!!!

FREE eNewsletter Subscription
Wondering who you can trust when it comes to computer technology? Need answers that aren’t full of techno babble? Sign up for the FREE DiscoverSkills eNewsletter

comment01

{ 2 comments }

Should You Upgrade to iOS 7.1? Yup!

Thumbnail image for Should You Upgrade to iOS 7.1?  Yup! by John Lortz Featured

This past Monday, March 10th,  Apple released a fairly significant upgrade to their iOS software, moving from version 7.04 to 7.1. How significant is the upgrade? Well, it kind of depends upon how you look at it. No, there aren’t any earth-shattering changes in what you see or do like there were when you want […]

Read the full article →

Is Windows 8 for me? Good Question!

Thumbnail image for Is Windows 8 for me? Good Question! by John Lortz Featured

Over the past 6 months, and especially right now as Windows XP users start to panic a bit as they look for an alternative (CLICK HERE to read all about what’s happening with Windows XP), the most common question I get asked is “Should I get a Windows 8 computer or something else?” With all […]

Read the full article →

Browsing Basics PLUS My Favorite Browser Tip…

Thumbnail image for Browsing Basics PLUS My Favorite Browser Tip… by John Lortz Featured

If you really think about it, it’s pretty amazing how the Internet has really taken over as the main source of communication, information, and entertainment for so many people. And the part that we routinely use, the web, has only been around in a usable form since the mid-1990′s. Wow…  incredible growth for something that’s […]

Read the full article →

Should I get a Tablet or a Laptop?

Thumbnail image for Should I get a Tablet or a Laptop? by John Lortz Featured

As the holiday technology-buying season approaches (and also as the “drop dead” date for Windows XP nears… CLICK HERE to read more about THAT), questions are hitting my inbox, asking whether it makes more sense to purchase a tablet or go with a laptop with regards to mobile computing. Great question! In fact just the […]

Read the full article →

CryptoLocker – A “bad” example of ransomware

Thumbnail image for CryptoLocker – A “bad” example of ransomware by John Lortz Featured

I hear about new viruses almost every day, most of which your anti-virus program protects you from. But this particular virus (or malware) is a bit different, which is why I want to devote some time to it here. What is “malware”? Firsts of all, let me explain the terminology I just used.  ”Malware” comes […]

Read the full article →

To All Windows XP Users: Beware of April 8th, 2014

Thumbnail image for To All Windows XP Users: Beware of April 8th, 2014 by John Lortz Featured

By now, most Windows users have heard that on April 8th of next year (2014), Microsoft will stop supplying security updates for it’s old flagship, Windows XP.  Considering that it was first released to computer manufacturers on August 24, 2001, Windows XP will have had a very long and happy life of over 12 years…. […]

Read the full article →

How to Change Windows 7 Desktop Background

Thumbnail image for How to Change Windows 7 Desktop Background by John Lortz Featured

In this Seventh article of the series called “Taking Control of your Windows Desktop“, I’m going to show you how easy it is to change your Windows 7 Desktop Background. The Desktop Background is the “blank screen” your icons are sitting on. And although a lot of folks prefer to have a solid color (which […]

Read the full article →

Create a shortcut in Windows 7

Thumbnail image for Create a shortcut in Windows 7 by John Lortz Featured

Whether you’re new to this thing called Windows, or someone who’s been using it for years, at some point you’ll find the need to really “take control” of your Windows Desktop, and use it as a way to quickly get to your most commonly used programs. A big part of this is learning to create […]

Read the full article →

Online Learning – Online Video – DiscoverSkills Webinar part 4

Thumbnail image for Online Learning – Online Video – DiscoverSkills Webinar part 4 by John Lortz Featured

This is part four of a live DiscoverSkills.com Webinar. In this episode, we specifically discuss online video. During the 50 minute webinar, the first by John Lortz at Discoverskills.com, Online Learning was discussed, including Webinars, eBooks, blogging, and online video. As DiscoverSkills moves more and more of it’s computer and digital photography learning materials online, […]

Read the full article →