Your Library for the latest IT Security News, Alerts, Threats and Tips and Android Games
Recent Articles
Home » Posts filed under OpenSSL
Showing posts with label OpenSSL. Show all posts
Showing posts with label OpenSSL. Show all posts
Wednesday, 19 November 2014
Wednesday, 19 November 2014
- 0 Comments
Password leaks and targeted attacks are nothing new and the latest security bug related to a massive loss of passwords across the world is ‘Heartbleed’. This bug has received a lot of media coverage over the last few days, so there is a lot of confusion about what it is and what one needs to do to fix the issue.
This blog post aims to help you better understand what Heartbleed really is and what you need to do in order to secure your presence online. Heartbleed has affected about 17% (close to 500,000) of the web servers across the world, so there is a high chance that you are affected by this too. With that in mind, here’s what you need to know now.
Heartbleed is a security bug that affects servers that use OpenSSL (Secure Sockets Layer) technology. When you log in to your email account, or make a financial transaction online, the server that hosts this activity is protected by the SSL technology, which is denoted by the symbol of the padlock near the address bar and the unmistakable presence of “HTTPS” as a prefix of the URL itself.
Heartbleed is a bug that afflicts this very protective measure and exposes information that SSL attempts to protect. What this means then, is that sensitive information like passwords, credit/debit card details and more are susceptible to this bug and can be stolen.
What this means is that there is nothing wrong with your PC or your antivirus software. This is an issue that needs to be dealt with by the people who run the websites that make use of SSL. Moreover, if you are surfing the Internet you will not be able to tell if a service you are using is affected by Hearbleed or not.
While most of the sites that have been affected have taken corrective steps already, there are bound to be many more which are still working on it. If you use some of the following services then there is a high chance that your password and details may have been leaked.
As you can see, the list is huge. There are several more services that have been affected, so the potential damage here is substantial.
This online tool can also help you ascertain whether a particular URL is afflicted or not. If you carry out online banking transactions, then we highly recommend that you change your account passwords. Also, check this tool to see if your bank’s online portal is affected by Heartbleed or not.
While there is nothing specific that you can do to combat Heartbleed, one major precaution you should take is change ALL your online passwords right away. This will ensure that if any of the services you use have been afflicted by Heartbleed, then at least your passwords will be safe. Apart from this, stay alert about any unusual activity on your accounts. If you feel something is out of the ordinary, take the necessary corrective steps as soon as possible. Moreover, spread the word about Heartbleed and inform your friends and family members as well.
WARNING: Be on the lookout for fake password reset emails
With such widespread activity occurring simultaneously with regards to password changes all over the world, this is bound to lead to several phishing emails about password resets. Be on the lookout for such emails and stay away from fake emails that ask you to change your passwords. Read here for some tips on how to recognize fake phishing emails.
Quick Heal will keep you updated about any further developments and news regarding Heartbleed, so keep checking back for more information.
This blog post aims to help you better understand what Heartbleed really is and what you need to do in order to secure your presence online. Heartbleed has affected about 17% (close to 500,000) of the web servers across the world, so there is a high chance that you are affected by this too. With that in mind, here’s what you need to know now.
Fact # 1: What exactly is Heartbleed?
Heartbleed is a security bug that affects servers that use OpenSSL (Secure Sockets Layer) technology. When you log in to your email account, or make a financial transaction online, the server that hosts this activity is protected by the SSL technology, which is denoted by the symbol of the padlock near the address bar and the unmistakable presence of “HTTPS” as a prefix of the URL itself.
Heartbleed is a bug that afflicts this very protective measure and exposes information that SSL attempts to protect. What this means then, is that sensitive information like passwords, credit/debit card details and more are susceptible to this bug and can be stolen.
What this means is that there is nothing wrong with your PC or your antivirus software. This is an issue that needs to be dealt with by the people who run the websites that make use of SSL. Moreover, if you are surfing the Internet you will not be able to tell if a service you are using is affected by Hearbleed or not.
Fact # 2: Which websites and online services are affected?
While most of the sites that have been affected have taken corrective steps already, there are bound to be many more which are still working on it. If you use some of the following services then there is a high chance that your password and details may have been leaked.
Facebook
|
Gmail
|
Amazon
|
SoundCloud
|
Instagram
|
Yahoo Mail
|
Flickr
|
YouTube
|
Pinterest
|
Google
|
Minecraft
|
Wikipedia
|
Tumblr
|
GoDaddy
|
Netflix
|
Dropbox
|
As you can see, the list is huge. There are several more services that have been affected, so the potential damage here is substantial.
This online tool can also help you ascertain whether a particular URL is afflicted or not. If you carry out online banking transactions, then we highly recommend that you change your account passwords. Also, check this tool to see if your bank’s online portal is affected by Heartbleed or not.
Fact # 3: What do you need to do?
While there is nothing specific that you can do to combat Heartbleed, one major precaution you should take is change ALL your online passwords right away. This will ensure that if any of the services you use have been afflicted by Heartbleed, then at least your passwords will be safe. Apart from this, stay alert about any unusual activity on your accounts. If you feel something is out of the ordinary, take the necessary corrective steps as soon as possible. Moreover, spread the word about Heartbleed and inform your friends and family members as well.
WARNING: Be on the lookout for fake password reset emails
With such widespread activity occurring simultaneously with regards to password changes all over the world, this is bound to lead to several phishing emails about password resets. Be on the lookout for such emails and stay away from fake emails that ask you to change your passwords. Read here for some tips on how to recognize fake phishing emails.
Quick Heal will keep you updated about any further developments and news regarding Heartbleed, so keep checking back for more information.
Subscribe to:
Posts (Atom)