Heartbleed malware attacks OpenSSL sites, exposes personal data of millions
There’s buzz about Heartbleed all around the web. It has the potential to damage the reputations and the bank accounts of millions of people.
This is the biggest scare since the Java vulnerability that was announced a couple of years ago.
The issue is that OpenSSL, software used by thousands of commerce sites, has a bug, and a crook found out about it. With that knowledge, Heartbleed was created to steal user IDs, passwords, names and other personal information from sites running OpenSSL.
This week, in Canada, a 19-year-old Canadian was arrested for hacking into government computers using the Heartbleed vulnerability. This is the first reported arrest, but until the vulnerability is corrected in all the affected servers around the world, a growing stream of arrests is likely.
Mashable has published a list of major sites that have the problem: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/.
The fix is known, and sites are working to correct the code they run. Yahoo, for example, reports it has already completed its corrections.
Your own personal information probably has been compromised. The Norton Antivirus team has created a tool you can use to check whether a particular site you plan to visit has the flaw: http://safeweb.norton.com/heartbleed.
More things you can do to protect yourself:
It’s good to change your passwords now in case a crook already has your password. But if the site hasn’t corrected its code, you should change the password again after it does. You should do this on any site where you have sensitive data. Certainly on sites where your credit card information is stored, but you might consider your name and address sensitive as well.
This would be a good opportunity to make sure you use a different password on each site you use. That way, if a crook gets one password, the damage is limited to a single site.
Remember that the apparent link address you see on a site or in an email may not be the actual address that clicking will take you to. For example, http://mywebsite.com actually takes you to IM NewsWatch’s home page.
Because of this potential for “phishing”, you should be wary of clicking on a web address (in some browsers, hovering your mouse over the link will show you the actual destination), and you may want to type website addresses directly in your browser instead of clicking on a link.
And, of course, monitor your credit cards, PayPal account, etc., for charges caused by crooks.
You should be aware that it will take days, maybe even weeks, for all the thousands of sites to be fixed. Until they are, you may want to use the Norton tool to check so that you won’t become the next victim.
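The mismatch described above, between the address a link displays and the address it actually opens, can be checked mechanically. The following Python script is an added example, not part of the original article: it flags links in an HTML message whose visible text looks like a web address but names a different host than the real destination. The sample message and the example.* hosts are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def host_of(address, assume_scheme=False):
    """Lower-cased host of an address without a leading 'www.', or '' if none."""
    if assume_scheme and "://" not in address:
        address = "http://" + address  # displayed text often omits the scheme
    host = urlsplit(address).hostname or ""
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collect (shown text, real href) pairs where the two hosts differ."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, actual = "".join(self.text).strip(), host_of(self.href)
        # Relative links and mailto: have no host; only compare real web links.
        if actual and URL_LIKE.match(shown) and host_of(shown, True) != actual:
            self.mismatches.append((shown, self.href))
        self.href = None

def find_mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample message for illustration only.
SAMPLE = """
<p>Reset at <a href="http://login.example.net/reset">http://mybank.example.com</a>.</p>
<p>Our site: <a href="https://www.example.org/news">example.org</a></p>
<p><a href="http://example.net/x">Click here</a> or <a href="/help">example.org/help</a></p>
"""

if __name__ == "__main__":
    for shown, actual in find_mismatched_links(SAMPLE):
        print(f"link shows {shown!r} but opens {actual!r}")
```

Links with generic text such as "Click here" are not flagged, because they make no claim about the destination; hovering or inspecting the address is still the only check for those.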