Almost two weeks ago the world was made aware of the worst internet security breach known to man—Heartbleed. What makes this the worst security breach? The answer is that Heartbleed has been infecting numerous websites and laptops of major companies, as well as well-known websites, and you—the end user. This has been going on for the past two years. Heartbleed created a weakness that allowed the stealing of information protected under normal conditions. Heartbleed was able to accomplish all of this by overriding the encryption code used by many websites, and it went virtually undetected. The websites that were (or are) most likely to be victims use an open-source toolkit called OpenSSL, which provides SSL (Secure Sockets Layer) and TLS (Transport Layer Security) functionality for most of the modern web. SSL/TLS is a set of protocols that provides security for internet communication: it encrypts the data being communicated between two (or more) internet users.
Most major websites and apps use OpenSSL, which is a free way to implement SSL/TLS functionality and was designed to be versatile. Up until now it was believed that OpenSSL was secure because it encrypted data being communicated. But Heartbleed was able to override that encryption and access the data. The really scary part is that Heartbleed has been able to override the encryption, copy that encryption code, and display the “encrypted” data for anyone to see, completely undetected, since late 2011.
Heartbleed is most frustrating for the end user—you—because the fix for its attacks has to come from OpenSSL and from the owner/developer of each website; they are the ones who have to correct the problem. However, there is one thing that you can do to protect yourself, and that is changing your passwords. Once it gains access to your information, one of the first things a bug/virus does is steal your password, making it no longer safe and secure.
Now, you don’t have to change all of your passwords, only the ones where a website has acknowledged it was hacked by Heartbleed. (Although it is better to be safe than sorry and change all of your passwords.) Here’s a list of the websites that were compromised by Heartbleed:
- Tumblr
- Gmail
- Yahoo
- Yahoo Mail
- Amazon Web Services
- Etsy
- GoDaddy
- Flickr
- Minecraft
- Netflix
- SoundCloud
- YouTube
- United Services Automobile Association (USAA)
- Box
- Dropbox
- GitHub
- IFTTT
- OKCupid
- American Funds
- Venmo
- SpiderOak
- Wikipedia
- WordPress
- Wunderlist
- Dashlane
- LastPass
All of the companies listed above have added a security patch to correct the problem. However, if you are a user of any of the above-mentioned sites, you need to change your password immediately. If you use the same password for other sites, you should change those as well.
For the full list of websites that were or weren’t breached by Heartbleed, click on the link below:
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/