Technology advice, practical solutions and real results.
Friday, April 11, 2014
Heartbleed May have Compromised Your Sensitive Info!!
WHAT IS IT?
Heartbleed is a bug that MAY have exposed sensitive user information via a coding error in the commonly used online security protocol OpenSSL. This has rocked the technology world to its core and generated some scary headlines... The New Yorker called it “as bad as a security flaw can be.” The New York Times described it as “a stark reminder that the Internet is still in its youth and vulnerable to all sorts of unseen dangers.” Cryptography expert Bruce Schneier said Cryptography expert Bruce Schneier said “catastrophic is the right word to describe Heartbleed… on a scale of 1 to 10, this is an 11.”
Current Status?
The good news is that CMIT has verified that our systems and websites are NOT infected and are not using the vulnerable code. Our help desk email solution have also been tested and they are clean… We also verified that the routers we sell and support (sonicwall and netgear) are not affected, although other brands have admitted vulnerabilities.
• Because the bug can be exploited at any time, by anyone on the Internet, without leaving behind a single shred of evidence.
WHAT TO DO?
On April 10th, Mashable reported that the following sites, which collectively account for nearly two billion users, may have been affected, had applied security patches, and were urging users to change passwords:
Facebook, Twitter, Instagram, Pinterest, Tumblr, Google, Yahoo, GoDaddy, Intuit, DropBox, LastPass, OKCupid (Check back for updates)
If you want to proactively check a site that is not listed above (and we think you should) go to https://lastpass.com/heartbleed/ and type in the website you want to check. If it comes up clean, change your password; if it does not, contact the vendor or your IT support person for the next steps.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment