The Heartbleed Bug – How to protect yourself

The Heartbleed bug is already being called one of the biggest security threats the Internet has ever seen.
It’s affected many popular websites and services and could have quietly exposed your sensitive account information, such as passwords and credit card numbers, over the past two years.

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you’ll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.

Although changing your password regularly is always good practice, if a site or service hasn’t yet patched the problem, your information will still be vulnerable.

Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you’ll need to change the password everywhere. It’s not a good idea to use the same password across multiple sites, anyway.

Click here to view a list of the most popular websites that have been affected by the Heartbleed bug.

Read more.

Huge “Heartbleed” security bug affects much of internet

The “Heartbleed” security bug in software used by millions of web servers could have exposed anyone visiting sites they hosted to spying and eavesdropping, say researchers.

The bug is in a software library used in servers, operating systems and email and instant messaging systems and reportedly affects nearly two-thirds of all websites, including Yahoo Mail, OKCupid, WeTransfer, and others.

It takes advantage of a vulnerability in OpenSSL, an open-source protocol used to encrypt vast portions of the web. It allows cybercrooks to steal encryption keys, usernames and passwords, financial data and other sensitive data they have no right to.

Called OpenSSL the software is supposed to protect sensitive data as it travels back and forth.

It is not clear how widespread exploitation of the bug has been because attacks leave no trace.

“If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle,” said a blog entry about the bug published by the Tor Project which produces software that helps people avoid scrutiny of their browsing habits.

Read more