Heartbleed Attack

Bleeding Heart flowers are beautiful. Fragrant, indicative of summer, warm breeze, sunshine…ahhhh. Heartbleed? Another story. This is the newest internet virus attacking the security of millions of websites. It’s such a big deal that experts in security industries are using terms like “catastrophic” and “devastating.” And unfortunately, there’s not much we can do to fix it.

According to tomsguide.com, Heartbleed mainly creates problems on Web and email servers. Windows PCs, Macs and mobile devices aren’t directly affected, and antivirus software has no impact on Heartbleed. While systems admins across the globe are scrambling to patch server networks, the average internet user can do nothing but sit back and wait it out. If you want to be proactive in your efforts, here are some things you can do:
1. Change your passwords – Tumblr, Flickr, and Yahoo were particularly vulnerable to Heartbleed. Unlike many prominent sites, these three sites did not patch systems before the Heartbleed bug became public knowledge on Monday, April 7, 2014. “Security researchers…[April 8] used Heartbleed to capture usernames and passwords as random people logged into their Yahoo! mail accounts. If the good guys were doing that, you can bet the bad guys were, too.” If your Yahoo! password is used for any other accounts you have online, you should also change the password to those accounts.
2. Change Google, Facebook and Dropbox passwords, too. Even though it has not been proven these sites were susceptible to this particular attack, they were vulnerable to it in past years. One of the trickiest things about Heartbleed is its ghostly appearance. It can attack and leave no trace behind. Systems administrators may never know that they have been compromised.
3. Log out of all apps on mobile devices. A lot of times, mobile apps use authorization tokens to keep you logged in, especially to Gmail, Dropbox and Yahoo! mail. If you manually log out of those mobile services, then log back in, all your previous tokens will be cleared and replaced with new ones.
4. Change your password when asked. Even if you change your password now, some systems may request you change your password again in a few days. If you’re asked again, do it. It’s for your own good, once the breached sites have been able to sort out the issues left by the attack.
5. If you have Linux, update your OS. Ubuntu Linux is particularly vulnerable, which means its derivatives Linux Mint and SteamOS likely are, too.
6. Set up two-factor authentication. Many sites offer two-step authentication, which means that attackers can only log in on a remote device if they actually physically have the device. Several sites, including Google, Facebook, Twitter, Yahoo, Dropbox, Microsoft and LinkedIn, offer two-factor authentication. Most servers that use Microsoft weren’t impacted by Heartbleed, and many other major sites like Amazon, eBay, PayPal and most major banks weren’t either.

  • Yahoo!
  • Flickr
  • Tumblr
  • Ars Technica
  • Blogger/Blogspot
  • Dropbox
  • Facebook
  • Electronic Frontier Foundation
  • Etsy
  • Google
  • Imgur
  • Instagram
  • Netflix
  • OKCupid
  • Pinterest
  • Stack Overflow
  • Wikipedia
  • Woot
  • WordPress.com/WordPress.org
  • YouTube

(Photo courtesy of Flickr contributor Global Panorama.)