Posts

The “Heartbleed” Bug has not been exterminated

Though the breaking news of the Heartbleed vulnerability is a month old, this doesn’t mean that this “bug” has been squashed.

heartbleedThere still remain about 318,000 servers that are vulnerable to this OpenSSL bug, according to security researchers, though this figure is about half of what it was a month ago.

The Errata Security blog announced they calculated the 318,000 via a recent global Internet scan, which also revealed that more than 1.5 million servers still remain supportive of this “heartbeat” thing.

And there may actually be a lot more servers “bugged” because the count applies only to verified cases. Nevertheless, why are there over 318,000 still affected a month after aggressive Heartbleed mitigation went into effect?

Fraudsters can use this bug to attack those 318,000 systems. This flaw in encryption leaves private data like credit card numbers and passwords open for the kill.

Though many of the giant services fixed this problem within a prompt timeline, the smaller services are still struggling with it, and hackers know this. A crook can identify the compromised server and then exploit the bug and steal the private data that’s in the server’s memory or take control of an online session.

So how can you protect your private information?

  • Go to http://tif.mcafee.com/heartbleedtest, which is McAfee’s Heartbleed Checker tool. Enter the URL of a website to see if it’s vulnerable.
  • If no vulnerability is detected, change your password for that site. After all, if a site has already been bugged, changing your password at that point is useless.
  • If vulnerability has been detected, then keep an eye on your account activity for signs of unauthorized activity.
  • After a site has been patched up, then change your password.
  • And this time (if you already didn’t originally), create a strong, long password. This means use a mix of characters (letters, numbers, symbols) and use more than eight. And don’t include a word that can be found in the dictionary unless your password is super long, such as “I eat Martians for breakfast.” (The spaces count.) This would be a nearly uncrackable password due to its length and nonsensicality. But so would the more difficult to remember Y48#dpkup3.
  • Consider a password manager for creating strong passwords and remembering them, such as McAfee SafeKey.
  • For better security use two-factor authentication. This involves a one-time code for each time someone tries to log into an account.
  • As ongoing protection consider a credit freeze and identity theft protection to prevent new account fraud.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Heartbleed: Free Tool To Check if That Site is Safe

I’m sure you’ve heard the news about Heartbleed by now (unless you’re in vacation wonderland and have taken a tech break). This is a serious vulnerability in the core of the Internet and is something we all should be concerned about.

heartbleedHeartbleed is a kink in encryption software, discovered by security researchers. It is a vulnerability in OpenSSL and could affect nearly two-thirds of websites online. If exploited, it can leak out your passwords and login names, thus putting your personal information at risk.

That’s why McAfee, part of Intel Security, is responding to the dangerous Heartbleed vulnerability by releasing a free tool to help consumers determine if a website they visit is safe or not. You can access the tool, here: http://tif.mcafee.com/heartbleedtest

McAfee’s Heartbleed Checker tool works by entering any website name to find out if the website is currently vulnerable to Heartbleed.

Steps to protect yourself:

  • Go to McAfee’s Heartbleed Checker tool http://tif.mcafee.com/heartbleedtest and enter any website URL to check if it’s vulnerable.
  • If the site is deemed safe your next step would be to change your password for that site. Remember, changing your password before a site is patched will not protect you and your information.
  • If the site is vulnerable, then your best bet is to monitor the activity on that account frequently looking for unauthorized activity.

Once a site has been patched so it’s no longer vulnerable to the Heartbleed bug, you should change your password. Here’s some tips to remember:

  • Use strong passwords that include a combination of letters, numbers and symbols and are longer than 8 characters in length – heck the longer the better. Below is a good animation on how to create a strong password.
  • Use a password manager, like McAfee SafeKey which is included with McAfee LiveSafe™ service that will help you create strong password and remember them for you.
  • Use two-factor authentication for increased security. You get a one-time code every time someone tries to log into the account, such as those for banks, social networks and email.

Heartbleed aside, passwords are more vulnerable than ever, and just in general, should be changed every 90 days for important accounts. And remember, if your information was exposed, this is a good time to watch out for phishing scams.

A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website.  And if your information is compromised, even if it’s just your email address, scammers could use this to try and get your other sensitive information.

Remember, in this day and age, we all need to be vigilant about protecting ourselves online.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247