Protect Your Passwords From The Heartbleed Bug
Editor's note: The original headline reflected that the Heartbleed bug was a virus and that updating your anti-virus could protect you. While it is good to have an up-to-date anti-virus program, it will not be effective against the bug. Your best bet is to change all of your passwords and stay away from suspicious sites.
If you thought your computer and passwords were safe, you should probably check again. The “heartbleed” bug has recently gained some notoriety as it's been found leaving many major websites vulnerable to hackers. Experts are currently considering it to be one of the most serious security flaws uncovered in recent history.
“The finding of the so-called "Heartbleed" vulnerability, by researchers with Google Inc and a small security firm Codenomicon, prompted the U.S. government's Department of Homeland Security to advise businesses on Tuesday to review their servers to see if they were using vulnerable versions a type of software known as OpenSSL.
It said updates are already available to address the vulnerability in OpenSSL, which could enable remote attackers to access sensitive data including passwords and secret keys that can decode traffic as it travels across the Internet.”
The security firm, Codenomicon, has gone on to test their own services by attacking themselves from the outside to ensure safety for their site and services. Security experts say that the bug has actually been in existence for the past two years and victims cannot tell if their data has been accessed from anytime during that period.
There is an estimation that hundreds of thousands of web and email servers that may need to be patched to protect themselves from hackers utilizing the bug. Among the sites that have been patched and protected are: Yahoo Mail, Yahoo Search, Flickr, and Tumblr, but many more should be also be patched.
You can find more information from a website built by Codenomicon in order to provide more details on the threat at heartbleed.com.
Read the full story here.
Reach Tech Editor Eric Parra here.