Last month, a major security flaw was found on many popular websites that has potentially compromised millions of users’ passwords. In a nutshell, the security vulnerability, being termed the “Heartbleed Bug” by the media, is a widespread hole in OpenSSL, a popular open source encryption software used on hundreds of thousands of websites to encrypt user accounts and help prevent passwords from being hacked. Because of this major security flaw in OpenSSL, it is possible that user’s sensitive data such as user names, passwords and credit card information have been compromised.
While the security flaw was just discovered about a month ago, it is believed that the Heartbleed bug could go back as early as 2012. Additionally, over half of the web servers that were affected still have not been fixed. While it is not necessary to panic, we do recommend that everyone takes this situation extremely seriously.
For your convenience, here is a quick list of several popular sites that have been compromised.
- Amazon Web Services
The websites above are the most popular sites that have been affected. However, there are thousands of smaller sites that have been affected as well. Here are a few recommendations to make sure that you are properly protecting yourself from sites affected by the Heartbleed bug:
1) Check with www.lastpass.com/heartbleed to see if a site that you have an account with was affected. Just type the website into the search bar and it will tell you whether the site has been compromised, whether they have already applied the security patch and whether or not you need to change your password.
2) For a list of popular sites, visit www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/
3) If you find you have an account with an affected site, change your password. We recommend creating a strong password consisting of a minimum of 8 characters, a capital letter, a number, and a special character.
Luckily, just about all financial institutions use their own proprietary encryption, so there is no need to worry about online banking information. With that said, we always recommend that you keep a close watch on your bank and credit card statements. Even though the banks were not affected by the Heartbleed bug, that doesn’t mean that they are 100% secure. We recommend changing passwords every 3 months, especially for financial institutions.
We realize that keeping track of all of your changed passwords can be a daunting task. There are several password management tools that make tracking passwords a little more manageable. Programs like LastPass and RoboForm are great for securely keeping track of passwords.
As always, if you have further questions regarding the heartbleed bug or need help with changing your passwords, feel free to call the Right Click Computer Solutions office at (516) 665-9313 and our staff will be happy to assist.