The Heartbleed bug is now the newest threat to your internet browsing security. The heartbleed bug affects sites that many users visit every day by potentially exposing valuable personal information to hackers. This bug exploits a hole found in the open-source software that encrypts communications for many popular websites, called Open SSL. Normally, a secure website connection between users and websites will show encrypted data for unauthorized parties. The site will also display a padlock and the HTTPS extension in the web address bar. With the heartbleed bug, an attacker can now use a special script to translate private encrypted information stored on servers to readable text using the Open SSL software. Some hackers can even create fake websites to trick people into handing over their personal information, such as credit card numbers for online shopping.
What types of information does the heartbleed bug collect?
- Usernames
- Passwords
- Credit card information
- Data in your internet browsing cookies
- Confidential company documents
What major websites were affected?
- GoDaddy
- Dropbox
- Yahoo
What major websites were not affected?
These are a few sites that heartbleed did not affect since they either do not use OpenSSL to encrypt their data or did not use the problematic version.
- American Express
- Apple, iCloud, and iTunes
- Bank of America
- Chase bank
- Healthcare.gov
- Microsoft, Hotmail, and Outlook
To see a complete list of affected and unaffected websites, you can visit this page on money.cnn.com.
How can you protect yourself from the heartbleed bug?
- Check if any websites you use are vulnerable to the heartbleed bug. On the Heartbleed test webpage at https://filippo.io/Heartbleed/, you can enter the website address to see if it is safe to visit.
- Change the passwords to your heartbleed-affected websites once the owner fixes the site.
- Do not visit unfixed websites at all until the owner repairs its encryption system. Any new passwords you enter to those sites are at risk of compromise.
- If you used one password to access all your websites, you will need to replace the passwords to all your websites. This includes the websites unaffected by the heartbleed bug. Do not use the same password for all your websites going forward.
- Clear out the cache on your web browser (Firefox, Chrome, Safari, and Edge) so you will not have old passwords available to use on another site.
- If your website has an SSL certificate, typically for visitors to make credit card payments online, replace it. Contact your hosting site (GoDaddy, GlobalSign, Comodo) to get a fresh SSL certificate.
- Consider a password service for managing your website login information. LastPass and RoboForm will create hard-to-crack passwords, store them, and automatically fill in your information when you go to the site of your choice. The communications between the password manager and your favorite website are under encryption.
SwiftTech Solutions can help your business manage security risks involved with employee internet browsing, including the heartbleed bug. Protect your business now by contacting SwiftTech Solutions for a review of your network security. You can call 877-794-3811 or email info@swifttechsolutions.com for a free consultation.
SOURCES
Vaughan-Nichols, S. How to protect yourself in Heartbleed’s aftershocks. (2014, April 10). Retrieved from: http://www.zdnet.com/how-to-protect-yourself-in-heartbleeds-aftershocks-7000028311/#ftag=RSS86a1aa4
Vaughan-Nichols, S. How to recover from Heartbleed. (2014, April 9). Retrieved from: http://www.zdnet.com/how-to-recover-from-heartbleed-7000028253/
Fung, B. Heartbleed is about to get worse, and it will slow the Internet to a crawl. (2014, April 14). Retrieved from: http://www.washingtonpost.com/blogs/the-switch/wp/2014/04/14/heartbleed-is-about-to-get-worse-and-it-will-slow-the-internet-to-a-crawl/
Whitney, L. Beyond Heartbleed: Why you need a password manager. (2014, April 15). Retrieved from: http://www.cnet.com/news/beyond-heartbleed-why-you-need-a-password-manager/
CloudTweaks Newsletter. Heartbleed – Which Sites Are Vulnerable? (2014, April 15). Retrieved from: http://us2.campaign-archive2.com/?u=04809abc68958c8c94da79e96&id=4ab610ae0b&e=3856292924
Nieva, R. Heartbleed bug: What you need to know (FAQ). (2014, April 11). Retrieved from: http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/
Codenomicon. The Heartbleed Bug. Retrieved from: http://heartbleed.com/
Kirk, J. Tests confirm Heartbleed bug can expose server’s private key. (2014, April 13). Retrieved from: http://www.pcworld.com/article/2143080/tests-confirm-heartbleed-bug-can-expose-servers-private-key.html
Campbell, J. Heart Bleed Virus Test: Bug Update – Test Websites Before Changing Security Passwords on Gmail, Yahoo etc. (2014, April 14). Retrieved from: http://www.christianpost.com/news/heart-bleed-bug-test-virus-update-test-websites-for-computer-bug-before-changing-gmail-yahoo-facebook-paypal-security-passwords-117856/
Shankland, S. ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords. (2014, April 8). Retrieved from: http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
Valsorda, F. Heartbleed Test. Retrieved from: https://filippo.io/Heartbleed/
WikiHow. How to Clear Your Browser’s Cache. Retrieved from: http://www.wikihow.com/Clear-Your-Browser’s-Cache
Pagliery, J. Change these passwords right now. (2014, April 14). Retrieved from: http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/