More on the Heartbleed BugApril 12, 2014
There has been a lot going on lately about this discovery so I posted this from an email sent to me by our systems consulatant, Todd Herman at A Tech for Hire, Inc. in Fairhaven:
If you have not yet heard of the Heartbleed bug, I will inform you. Heartbleed is essentially a security flaw in a major part of many website’s encryption software. Unlike other bugs, worms and viruses you have encountered in years past, this one is not on your computer. This flaw was used to break the encryption (security) in many popular websites on the Net including Google/Gmail, Netflix and Facebook. The main alert is for you to change your current password on those sites if you are a user. You can read more about the flaw at http://heartbleed.com/ This flaw has been exploited for the last two years before being discovered. There is no way to know the extent of the intrusion. Most of you will never be affected but you should take precautions.
As a way to check your exposure, you can go to https://lastpass.com/heartbleed/ and type in the address of any site that you have a user account with.
Also, everyone should be using a password manager for security reasons as well as for convenience. A password manager allows you to enter one password for you main account and then stores all the other accounts you use within it. It then autofills the website each subsequent time you go to that website.
Go here to download lastpass free https://lastpass.com/features_free.php and after you login to all your sites, lastpass will remember all your passwords for you. Plus, afterward you can run a check to see if any of your logins have been compromised by heartbleed.
Sorry for the intrusion but this is a very serious flaw in the security of the Internet. Some of you may have been contacted already regarding the need to change your password. As always, remember to open your browser and type in the web addresses you receive in emails. Especially those regarding passwords and account information. I estimate a rise in phishing emails that falsely request you to change your information. Please be wary in the weeks and months to come. As always, it is good security practice to request free copies of your credit report yearly from the major credit agencies. Also, keep an eye on your bank and credit card statements for anomalies.
Stay safe and secure and feel free to contact the office for further information.
Tags: Heartbleed Bug
Written by: Doug Rodrigues