Heartbleed Bug: Latest Updates & News

Heartbleed

According to a report in the Washington Post the Heartbleed bug maybe getting worse. As websites and companies work feverishly to update their systems and networks the effort may slow Internet traffic to a rush hour like crawl. As Internet users work overtime to change passwords the effort may simply not be enough.

Some Internet reports give a failing a grade to the Internet industry as a whole, that includes governments and websites.

Many Internet users may have jumped the gun by changing their passwords too quickly. Banks and other sensitive websites may not have updated their websites when the passwords were changed meaning the new passwords is as vulnerable as the old.

But it is important to know what passwords you need to change immediately and what websites have bee identified as being vulnerable. Mashable is one of many websites that offer a list of websites that you need to change your password as soon as possible.You may also want to know what sites are vulnerable so KrebsonSecurity offers s ome tools to use to investigate sites you may use.

As with all tragic events the human slime seems to appear on the scene all too quickly. Scammers have already begin using phony email phone calls and websites to steal information from people seeking help.  So Internet users are warned to beware of emails claiming to offer Heartbleed detection services.

Many of you have more than one device that connects to the Internet and no doubt at lesst one of them is an Android device. The Heartbleed bug has impacted millions of Android device as well according to the Huffington Post. People using the Android version 4.1.1 should not use it for sensitive financial transactions.

For those of your using Apple iOS and OS X count your blessings. The Heartbleed bug does not seem to be having any impact at all on those computers. But that does not release you from the responsibility of checking the websites and services you use for the vulnerability.

Original Post, April 9, 2014 – Heartbleed, the Internet’s newest nightmare. Heartbleed is an Internet bug that exposes a flaw in the OpenSSL cryptographic tool.  Basically this is the program code that permits secret communications between applications over the Internet. These applications include email, instant messages, and virtual private networks.  So you’ve never heard of OpenSSL.  If you use the Internet at all it’s part of your life, in a lot of different ways. Almost every app used, every website you visit; if the information sent back and forth between you and the site is encrypted then there’s a good chance they use OpenSSL to do it. How do you know if the information is encrypted? Look for https in the address bar or that little lock. Did you use your credit card on the site? Its probably encrypted.

Apache web servers powers nearly 50% of all web sites and utilizes OpenSSL. This bug permits anyone on the Internet to access the memory of any computer system protected by the vulnerable version of the OpenSSL software. According to expert reports Heartbleed exposes millions of usernames, passwords and credit card numbers.  The real terror of the Heartbleed bug is that it may have gone two years without detection and as many as 500,000 servers may be vulnerable. Some experts are even declaring that Heartbleed is the worst bug ever. This bug impacts anyone and everyone who uses the Internet.

“When all the net security people you know are freaking out, it’s probably an okay time to worry. This afternoon, many of the net security people I know are freaking out.”- Greg Kamparak, TechCrunch

According to Internet security firm Codenomicon, who discovered Heartbleed, the vulnerability is deadly serious. The company reported they broke into their own systems without using any special passwords or insider knowledge. They were able to steal user names, passwords, crypto keys and business documents and left no trace of their attack. This means that any company using the vulnerable OpenSSL may have been attacked and robbed of valuable data and not know it.

While there is a fix available there is no evidence of how much damage has been done or who it was done to. As a result you may want to change passwords on your banking and financial sites. Is your bank vulnerable? One way to find out is by visiting the Lastpass.com blog. They offer a free service that allows you to check if your bank or other sensitive website has a vulnerability.

Breaking It Down

I was told once that locks only keep honest men out. And that is pretty much how the Internet works. If it can be hacked it will be hacked! My blog believes in Less Tech-More Knowledge so I am gonna make this as simple and tech free as I can. The Heartbleed bug leaves sensitive information and networks open like a 24-hour Walmart!  Every banking transaction record, every Facebook post, every email and instant message whatever you shopped for online and whatever you did online is now open to  web hackers who attack that OpenSSL flaw. The sad part is that it is really too late to consider taking action. Its been two years and I guarantee that someone has exploited this bug.  Are you personally vulnerable? Probably not. There are bigger fish out there and that is what a hacker is looking for, The big bank accounts. The big data banks. That’s probably not you. But make no mistake this is bad news.

For companies, whatever competitive advantage you had could be gone. Trade secrets; POOF! Gone. Proprietary information and research? POOF again! So now your customer list is out there. If you run a charity your donor list may be gone. Maybe you were doing market research for new product. GONE!  I can spend all day talking about what you may have lost because of this bug but I won’t.

When you hear of these bugs it is likely that foreign governments and intelligence services have been at each other stealing whatever they want. They steal from us we steal from them. Its all part of the game. Like I said before, locks only work on honest people.