Wednesday, April 9, 2014

'Heartbleed' Online Bug: How to Protect Yourself

ABC News
An online bug called "Heartbleed" is affecting a huge chunk of the Internet, which means that a password change is likely in order for hundreds of millions of people.
More than half a million sites are vulnerable that use the security system called Open SSL, according to Netcraft, and have had to install a new security patch. Before this patch, private data on websites such as Yahoo, Google and Tumblr could have been vulnerable to hackers, experts said. This bug was discovered by a team of security engineers at tech company Codenomicon and Neel Mehta of Google Security.
Joost Bijl, a product manager with the cybersecurity firm Fox IT, said that affected websites should be letting consumers know that a fix has been installed. But, so far it does not appear that any major website besides Tumblr has reached out to consumers.
Here's what you should know about "Heartbleed" and some ways to protect yourself:
1. Tumblr
Tumblr issued a warning on Tuesday, saying the blog site has "no evidence of any breach and, like most networks, our team took immediate action to fix the issue," but users should change all their passwords.
2. This Is Serious
Codenomicon set up a Heartbleed info website, saying, "Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously."
Codenomicon CEO David Chartier said that users on impacted websites should change their passwords, but only once the site administrators have appropriately installed the patch to fix the problem. It doesn’t help to change the password if the site has not been updated, though Chartier estimated that the fix is probably already in place on most of the major websites. The problem has been around for two years and was discovered last Friday, he said.
Chartier also said their investigation shows that Open SSL is used by at least 66 percent of all servers on the Internet.
3. Facebook
A Facebook spokesperson said the company "added protections for Facebook’s implementations of Open SSL before this issue was publicly disclosed, and we haven’t detected any signs of suspicious activity," but the firm is "continuing to monitor the situation closely." The company has not yet advised users to change their password. In general, the company recommends changing passwords on sites they use regularly as an extra precaution and to use a unique password, especially for your most valuable accounts.
4. Google
A Google spokesperson said in an emailed statement, “The security of our users' information is a top priority. We proactively look for vulnerabilities and encourage others to report them precisely so that we are able to fix them before they are exploited. We have assessed the SSL vulnerability and applied patches to key Google services.”
5. Yahoo
In a statement, Yahoo said, “A vulnerability, called Heartbleed, was recently identified impacting many platforms that use Open SSL, including ours.”
The company said it has "successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now. We’re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our users’ data.”
6. Main Takeaways From an Expert
Security expert Brian Krebs, who broke the news of Target's massive security breach last year, said hundreds of millions of users are impacted by this problem. He offered three main takeaways:
• This highlights the danger of using the same password over and over again for all your sites.
• Using the same username and the same password on multiple sites that hold valuable information is a bad idea.
• For banking and email you should have different usernames and passwords.
7. And Lastly ...
Krebs advised people on Tuesday to avoid logging into sites that have critical personal information. It's never a bad idea to change passwords for important services and sites, he said.
ABC News' Sandy Cannold and Susanna Kim contributed to this report.
end quote from:

'Heartbleed' Online Bug: How to Protect Yourself

The fact that this has been going on at least 2 years already is sort of alarming. This kind of bug likely could only have been placed by a country like Russia or China to scoop up unlimited amounts of information. But, when will they use this information? That is probably the most important question that hasn't been properly addressed yet. 

This is a new type of country-sponsored espionage being done on an economic level against all citizens. This is economic warfare conducted in a relatively new way. What is being done economically against Ukraine is small potatoes compared to this.

