Home / Internet / Serious Online Security Breach Has Been Found, “Heartbleed” Widespread Problem
Print Friendly and PDF

Serious Online Security Breach Has Been Found, “Heartbleed” Widespread Problem

Posted on April 11, 2014

You know the lock icon that pops up next to URLs to tell you a website will keep your information safe? It turns out it has actually left your private data unsecured for more than two years.

Websites encrypt your information, like emails, passwords and credit card numbers, so if anyone tries to snoop, they get a gibberish code and your data stays between you and the people you want to send it to. At least that’s the way it’s supposed to work. This week, researchers found a hole in OpenSSL, the lock that an estimated two-thirds of websites use. They’re calling the bug “Heartbleed.”

What’s more, any attacks let in due to the bug can’t be traced, experts say. This is a gaping security hole with “epic repercussions,” director of security firm AlienVault Labs Jaime Blasco says, even if you’re starting to become numb to all the data breaches of late.

Here are 5 rules for using the Internet after Heartbleed.

1. Trust no one

Run the websites you have accounts with through tools like the Heartbleed test to see if they’re vulnerable or if the security gap has been patched before logging on. The page is fielding about 4,000 searches a minute, Milan-based freelance developer Filippo Valsorda said. Download the Chrome browser extension, Chromebleed, to receive notifications when you land at a website that hasn’t fixed the problem yet. “In computer security, you never know when there’s going to be a vulnerability,” says Joost Bijl, marketing manager at the security firm Fox-IT.

2. Change your passwords and use two-step verification

“Change your password” is a mantra consumers have heard for years. It sounds simple and experts say it’s still the first step users should take to protect themselves in case their communications were intercepted due to Heartbleed over the last two years. The safest move would be to change all your passwords, given the dominance of OpenSSL, the technology associated with the bug. Many companies, including Google GOOG -1.38% , Facebook FB -1.35% , Twitter and PayPal offer two-step authentication, asking users a security question or sending a code via text message when someone tries to log in from a new machine. “If someone lifts your password, then they still can’t log in,” Bijl says.

3. Be wary of public Wi-Fi networks

Turn off the setting that autoconnects your smartphone to public Wi-Fi networks, which can be exploited by malicious hackers. Airport and hotel Wi-Fi connections are convenient, but experts say these unsecured connections leave you open to attacks. When you do use them, set up a virtual private network to secure your Internet traffic. There are some free VPN services, though many charge monthly rates.

4. Monitor recent account activity

Some companies, like Google, offer email activity reports that show where and when an account was accessed.

Continue Reading on www.marketwatch.com

Print Friendly and PDF

Posting Policy:
We have no tolerance for comments containing violence, racism, vulgarity, profanity, all caps, or discourteous behavior. Thank you for partnering with us to maintain a courteous and useful public environment where we can engage in reasonable discourse. Read more.

3 thoughts on “Serious Online Security Breach Has Been Found, “Heartbleed” Widespread Problem

  1. Where Can I To Get wholesale Bobcats cheap jerseys Direct From USA

  2. I go through your post. the content is very good and contains more information. will wait for your future posts. thanks and good luck!!