What's this?

Irregularly posted tips, gleaned from all over the internet, for beginning and medium level computer and technology users. Feel free to subscribe to get these by email if you wish (below, right). Or,come to this site anytime. We update it about twice a month with new tips and links.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Saturday, April 12, 2014

"Heartbleed"- should you worry, or not?

What is it?

 It's not really a "virus," but rather a sort of "hole" in the code that is behind up to two thirds of all websites. They're calling it a "bug" as in "a bug in the code." 

 This "hole" means that if you go to that website, you become vulnerable, because if someone exploits that "hole", then the site could be forced to reveal passwords and in principle let others create a bogus version of the Web site

 Should I worry?
According to CNN, sort of yes: 
http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/

 According to ZDNet, you probably shouldn't panic. 

 What should I do? How?

 Experts seem to agree on a two step process:

 1. Figure out if a website has already updated its code, essentially closing the "hole."

 2. Then, change YOUR password for that site.

 If you are not sure if the website has already closed the hole, they generally are suggesting you change your password anyway, and perhaps change it again in a week or so, to give that site a chance to update its code.

 Here's a list you can look at that gives some good indicators of which sites you SHOULD change your password for right away:

 http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?utm_cid=mash-com-fb-main-link

 http://www.zdnet.com/sans-warns-end-users-against-heartbleed-patch-panic-7000028361/

 Lastpass.com, as well as some others, has created a nifty tool so you can check websites to see if they are places that are dangerous for you:
https://lastpass.com/heartbleed/

 And, if you already subscribe to Lastpass.com (which is not affected by this bug, by the way), they have a free tool that actually analyzes your sites/passwords and creates a list with links to click to easily change passwords. That's what I did- and I have a LOT of passwords! I guess it was a pain, but then again, you're SUPPOSED to change passwords periodically anyway, so I'm chalking this up as an opportunity to do some "spring cleaning!" If you decide to sign up for Lastpass,can you please use this referral link? It gets both of us a month of premium use... https://lastpass.com/f?2882976  Thanks!


Posted by at

No comments:

Post a Comment

Please comment ON TOPIC only. Comments are reviewed before publishing and are deleted if I deem them inappropriate. Thanks.

Subscribe to: Post Comments (Atom)