Read on, for a few tips to protect yourself from the "Heartbleed" bug and other Internet threats.
On April 7, a major security flaw nicknamed "Heartbleed" was exposed in the safeguard many websites use to protect sensitive information like passwords and social security numbers.
This flaw has been in existence for over two years.
“Approximately two-thirds of all websites have been exposed.”
Approximately two-thirds of all websites (including Yahoo, Flickr and Tumblr) have been exposed. Those sites use a security system called "OpenSSL" to encrypt data — and it was revealed Open SSL has been vulnerable due to a small coding error. This exploit makes it possible for a hacker to snoop on the communication that goes on between a client system and a web server, and steal that sensitive information (passwords, social security numbers, etc.).
Briar Cliff Network Director Darrin Fangman shared some tips for safeguarding your own information:
- There are a few sites available to “test” a website’s domain to determine if there is risk associated to “Heartbleed”. One site that you can use is called: www.ssllabs.com/ssltest/
- Now is the time when the race between the attackers and the defenders is on. If you need strong anonymity or privacy on the Internet, it is best to stay away from submitting personal information entirely until companies are able to deploy the fix. In the near future it will be necessary to change your passwords.
- When the news of Heartbleed was released, some advice was to change your passwords immediately. The problem is, if you change your password prior to the SSL being updated, your new password is just as vulnerable as your old one. It is the hope that as websites are repaired, they will notify their customers with a prompt to change their passwords at that time. However, there are no guarantees that will happen so please be cautious when using websites.
- It's recommended that you change your passwords frequently, and when doing so, use a combination of numbers, capital letters and punctuation.
- Check your bank accounts frequently and report any suspicious behavior.
For further assistance, contact the IT HelpDesk at Briar Cliff.