FROM KIM KOMANDO:; americas digital goddess If you’ve been on the Internet at all this week, you know the big story is the “Heartbleed” bug. In a nutshell, this bug gives hackers a way past the security on roughly two thirds of the websites out there. Hackers can snag usernames, passwords, credit card information, encryption keys and other sensitive information they shouldn’t have. The worst part is that this bug existed for two years before any security company or researcher noticed. It sounds bad, and it is bad. But it isn’t the end of the world, or even the Internet. Let’s take a look at what exactly is going on and how you can stay safe. Before I can tell you how to stay safe, you need to know a bit about what this bug does and how it came about. As you may know if you’re a long-time reader, an important part of online security is encryption. This scrambles your connection with banking sites, social media sites and other sensitive sites. That way, hackers can’t intercept and read your important data. If you’ve ever seen “https” in the address bar of your browser, that means encryption is turned on. One of the most popular encryption systems in use is OpenSSL. Back in late 2011 and early 2012, however, it got an add-on called the “heartbeat extension.” You don’t need the nitty-gritty details of what it does, but the bug we’re talking about was in this add-on; hence the nickname “Heartbleed.” The result of the bug is that on sites using certain versions of OpenSSL, hackers can bypass any security and download random chunks of information. These chunks are incredibly small, but if hackers get enough of them, they can reconstruct a lot of data they shouldn’t have. They might even be able to snoop on your communication with the website in question. Just to be clear: The Heartbleed problem is with the websites. This bug doesn’t mean hackers can pull information off your computer. It also doesn’t mean you should avoid encryption. Encryption is essential for online security. The long-term fix is in the hands of the affected website owners. First, they have to upgrade OpenSSL to the latest version that squashes the bug. Then they have to get new security certificates – again I won’t trouble you with the details. Once that’s done, many sites will ask users to change their passwords. Fraud alert: If you receive an email from a website asking you to change your password, always open your browser and log in to your account manually. Don’t click on any links in the email. Scammers will be taking advantage of this situation and sending fake emails to trick you into clicking malicious links. Fortunately, websites owners are responding and fixing Heartbleed quickly. Major sites like Yahoo, DropBox, Twitter, Tumblr and many more are already updated. There are still plenty of sites though that aren’t. Of course, you don’t have to wait for websites to finish updating; you can change your passwords right now. With so many sites affected, I would change every password you have to be safe There is some debate about when you should change your passwords. Some experts are saying right away and others say to wait until sites update and tell you to. Given that this has been out there for a while, I say the sooner the better, just to be safe. If a site asks you to update after that, you can always change the password again. Update: The Heartbleed bug is obviously the focus of a great deal of internet attention right now, and the news, and developments, are fluid. My readers are getting a lot of conflicting and confusing information from these URL checkers. LastPass, for example, indicates a possible problem with Komando, though my site was never at risk. My advice is to change your passwords for now and check back to my blog for news as it comes out from the various major sites. I’ll keep you updated! If you’re very worried about a site, you can contact the site’s technical support for more details and instructions. Just be patient as many sites are going to be overwhelmed by worried customers with the same question.
Posted on: Sun, 13 Apr 2014 10:44:11 +0000
Trending Topics
Recently Viewed Topics
© 2015