Alert: HeartBleed

Heartbleed is the latest in an epidemic of attacks on the Linux foundation of the Internet. Most websites use Linux in one way or another but until recently the hacker community has left them alone. But a couple of months ago cPanel, the application that every website uses to publish itself, was hacked and now it’s OpenSSL. OpenSSL is the SSL certificate processing portion of websites. The hack allows your username and password and any other data that you enter into the website to be harvested in plain text defeating the whole purpose of an SSL protected website. The worst part about these recent hacks is that no one noticed them for the last two years.

You can find out if a website that you visit hasn’t been patched yet by entering its address into this tool http://filippo.io/Heartbleed/ I would recommend doing that for any website where you are entering in your username and password.

If you are curious about which websites were vulnerable, here are a few that still are as of last night: yahoo, flickr, eventbright, zoho, squidoo, petflow, fool, lastpass and slate. They are among tens of thousands.

So let’s say you use one or more of those common websites. You might feel that there’s nothing there in your personal information to worry about. There’s just your name, email address, home address, business address and perhaps some stored credit card information. The later is of course a concern but the larger concern is whether you used that same password any where else. That’s really what the bad guys are after. Because once they have a password of yours, they throw it at the websites that might yield money: credit card, banking, investments, tax returns, payroll, maybe they’ll order something from Amazon. That’s the real danger. So take the time to look and change those passwords.

If you need assistance, we’re here to help.

-Amy

p.s. My apologies for yesterdays post. It was not meant for you. I hit enter and sent it to the wrong group. That was for ThirdTier where we help other IT firms with technical issues and for the last 16 months we also help them build better businesses. It’s time to give back and help make this profession better as a whole.

Leave a comment

Your email address will not be published. Required fields are marked *

This blog is kept spam free by WP-SpamFree.