A new security bug going by the name "Heartbleed" is the latest security loophole on the internet.
What is the Heartbleed bug?
Security researchers recently announced a security flaw in a data encryption standard. Heartbleed exploits the encryption technology that is widely used to protect online accounts for social networking sites, e-commerce and banking sites. It works by creating an opening in OpenSSL encryption technology (marked by the small , closed padlock and https on Web browsers that indicates security). Due to this particular flaw, researchers found out that it was possible to trick a server into sending data stored in its memory. This data could include user names, passwords, and even the content that users have uploaded to a service.
Who has been impacted?
Heartbleed mainly creates problems on web and email servers. Windows PCs, Macs and mobile devices are not directly affected, and antivirus software has no impact on Heartbleed. The bug has affected many popular websites and services — ones used every day, like Yahoo, Gmail etc.
What can I do?
- Strongly recommend to change Yahoo, Gmail , Flickr and Tumblr passwords immediately.
- Change passwords immediately if a service (Evernote, Dropbox , Facebook etc) asks to do so.
- We also suggest changing passwords of Facebook, Dropbox , LinkedIn, Twitter as these sites could be vulnerable too .
- Log out of the apps on mobile devices and log back in again with the changed passwords for the above apps.
- While most banking sites are safe, it is a good practise to change passwords once in a while.
- Set up two-step verification wherever possible (Refer to the Gmail 2-step verification at the following link:https://www.google.com/
landing/2step/#).
While the security community worldwide is working on applying the patches to this security flaw, best thing users can do is change passwords and make it a complex one.
No comments:
Post a Comment