The Heartbleed Bug, gone in a heartbeat.
There is a hole in the heart of Internet security which has the potential to expose countless encrypted transactions. It’s been named the Heartbleed Bug. The bug was accidentally incorporated into OpenSSL in late 2011. OpenSSL is an open source library that many software developers use to implement SSL/TLS encryption to provide security and privacy for communications over the Internet.
When you connect to a secure Internet site to access your email, social media account, or Internet banking, the server you connect to will send back what is called a ‘heartbeat’. Just like your own heartbeat, it is how your computer and the server stay connected whilst you are logged in. This heartbeat is used so that the server knows that you are still there and wishing to connect to your online account. Once you log out, this heartbeat stops, so the server knows that there should no longer be a connection and your online account is no longer accessible.
This is a hard question to answer. If your web site uses an old version of OpenSSL, then it is not affected. Even if it does use the vulnerable version of OpenSSL, an attacker would need to be using the bug at exactly the time you are using the site to be able to grab your credentials. The best we can say is that it’s possible that you have been directly or indirectly affected. Unfortunately, the Heartbleed bug leaves no trace of exploitation, so you are unable to see if it has been used against you.
· Be a minimum of 8 characters long
· Use upper and lower case letters
· Substitute numbers or symbols for letters
· Do not use simple personal information (e.g. birthdays, kids' names, pet names)
· If you keep a written copy of your passwords, use an encrypted method of accessing them, not a note in your wallet.
· An easy thing to remember is a phrase. Try abbreviating the phrase and using the first letter of each word as your password. Using numbers can help make this harder to guess.
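The checklist above as a small Python check, added here as an example and not part of the original post. The function names, the look-alike character table and the sample personal details are assumptions made for illustration; the check also treats a pet name written with substituted numbers or symbols as personal information.

```python
import re

MIN_LENGTH = 8  # "Be a minimum of 8 characters long"
# Assumed look-alike table: undoes common number/symbol substitutions so that
# a disguised pet name ("R3x") is still recognised as personal information.
LEET = str.maketrans("01345@$!", "oieasasi")


def abbreviate_phrase(phrase):
    """First letter of each word, keeping whole numbers, as the last tip suggests."""
    words = re.findall(r"[A-Za-z0-9']+", phrase)
    return "".join(w if w.isdigit() else w[0] for w in words)


def personal_fragments(personal_info):
    """Names and date parts to look for, e.g. '14/03/2009' -> '2009', '14032009'."""
    frags = set()
    for item in personal_info:
        tokens = re.findall(r"[a-z]+|\d+", item.lower())
        frags.update(t for t in tokens if len(t) >= 3)
        if len(tokens) > 1:
            frags.add("".join(tokens))
    return sorted(frags)


def check_password(password, personal_info=()):
    """Return the list of checklist rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both upper and lower case letters")
    if not any(not c.isalpha() for c in password):
        problems.append("needs a number or symbol")
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    for frag in personal_fragments(personal_info):
        if any(frag in c for c in candidates):
            problems.append("contains personal information: " + frag)
    return problems


if __name__ == "__main__":
    me = ["Rex", "14/03/2009"]  # constructed sample: a pet name and a birthday
    phrase_pw = abbreviate_phrase("My first car was a red Mini bought in 1998")
    for pw in (phrase_pw, "R3x2009!", "password"):
        print(pw, "->", check_password(pw, me) or "passes the checklist")
```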
A useful tool to check the configuration of your Internet provider is https://www.ssllabs.com/ssltest/
Here are some places to look for more information.
The Heartbleed Hit List: The Passwords You Need to Change Right Now
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare
Sarah Taylor
*** This is a Security Bloggers Network syndicated blog from CQR authored by CQR. Read the original post at: http://cqraustralia.blogspot.com/2014/04/the-heartbleed-bug-gone-in-heartbeat.html