“Wyrd biõ ful ãræd.”

Monday, April 14, 2014

What is "heart bleed"?

I keep seeing news articles on this . I read them but I'm no wiser afterwards. They talk about something getting your passwords from years ago, and about phishing, and about people calling you on the phone, but nothing I have read really ties it all together, tells you what it actually is, or says how to protect yourself.

7 comments:

  1. Go here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/?cid=146326&ctst=1

    It tells which websites were hit, which passwords you should change. I don't understand a whole lot about it, myself, but this much I get, and this is the most useful article to the average computer user I've seen. Most of the rest feature a lot of jargon that I don't understand.

    ReplyDelete
    Replies
    1. Thanks, I'll go look at that . I am thoroughly confused. It doesn't seem to be the "normal" virus scare.

      Delete
  2. Thank you Heroditus Huxley - I was confused by this myself.

    ReplyDelete
  3. Harry - this is a bug plain and simple. which means it is an unanticipated vulnerability in open SSL which is Secure Socket Layer, which is a way that people/companies have used to transmit sensitive data for years on the internet. nobody knows how many websites and services have been exploited. however all major companies are working on patches and fixing this vulnerability so depending on how much sensitive activity you do online, you may not have anything to worry about. companies like Google and Go-Daddy and others have already closed this "backdoor way of exploiting sensitive data". The Canadian Revenue Agency (CRA) shut down their electronic filing system for 5 days until it was fixed and have extended filing dates for taxes until May 5th...which is 5 days past normal filing dates.

    all major companies regardless of where they are located are aware of this vulnerability and are applying major fixes.

    this is not the same as a a virus or a worm. those are designed by people with a specific INTENT to disrupt and/or destroy electronic data. this is a vulnerability that simply can be exploited which means that there is no person or group actively trying to exploit any of our personal information. it is easier for companies to address this type of bug because it is an error in coding - NOT a malicious attack.

    if you only use sensitive online information with major companies, the chances are very high that they have already addressed this problem. like Google or Gmail or Go-Daddy for example.

    some companies that are not vulnerable and never have been are PayPal, Ebay, MBNA, HSBC, Google, ScotiaBank, TDCanadaTrust, our CRA and i assume your IRS and other sensitive American agencies, financial institutions and your alphabet agencies.

    MicroSoft does not even use open SSL. therefore, a lot of people aren't even vulnerable in the first place. all major banks don't use open SSL.

    so there is no need for you to worry about your personal information getting out there to who knows who.

    all of this info comes from my husband's research because as you know he is a 20year IT Business Systems Analyst. chances are - your exposure to this vulnerability is extremely low.

    your friend,
    kymber

    ReplyDelete
    Replies
    1. Kymber, does this mean though that my passwords I use for Gmail and such might have been compromised and I need to redo them? I saw USAA on that chart that H.H. posted, and I have a bunch of my financial accounts with them, and my car insurance, credit card, etc. Do I need to redo my passwords there? I can see how if the companies fixed it, and you change your password you would be ok but if the bad guys got my password before USAA fixed it, as an example, am I still at risk?

      Delete
  4. Harry - if your bank uses SSL, then you should change your passwords regularly. and as gmail was hit, change your passwords there. the risk of anyone getting your info is very low but that doesn't mean it's non-existent.

    your friend,
    kymber

    ReplyDelete
    Replies
    1. Ok. But once I do that I am alright then and don't have to worry about it anymore? I never change my passwords, but like you say I know I should so I guess I will start trying to do that regularly.

      Delete