Heart Bleed and How to not fall foul of it

It has certainly been an interesting last couple of weeks in the technology world. A bug was found in the code of a popular SSL encryption program used by about 66% of the internet. Pretty scary stuff.

Armand Valdes at Mashable.com explains this in very simple terms:

Luckily it wasn’t a potential hacker that spotted this flaw, it was the researchers. Luckily the issue was remedied with a security patch. Even more luckily, the major companies that use the encryption software have applied this patch quickly.

But the problem is not resolved yet. As I said earlier, a lot of websites have been affected by this flaw and this includes email setups, social networks, banks and websites that are used every day:

• Facebook
• Google (which also includes YouTube, Google Mail and Google Play and Google Apps)
• Twitter
• Pinterest

Someone has already been arrested for attempting to steal compromised data from the Canadian IRS: http://www.christianpost.com/news/man-charged-in-heartbleed-attack-virus-compromised-canadian-irs-118121/ Therefore you should, without delay, go through http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/, and see which websites affect you and change your passwords. Even if you haven’t included payment details, your personal information is still there for the taking.

Just a quick word on passwords

It is a pain changing passwords and trying to remember them, but to keep things running as smoothly as possible, here’s a few tips:

• Get smart with passwords Since the start of this year there has been an increase in attempts to log into WordPress admin sites with an easy to guess password (eg 12345, etc). Surely these people (I use the term loosely) must have got lucky a few times otherwise why are they bothering? : Ideally your password should contain a number, an upper case letter and a special character (&, #, etc). Some websites have their own advice on what is acceptable.

• Dont ever ever ever use the same password for all your profiles This is beyond stupid, its dangerous. If one person compromises your data, then you’re pretty much making it easy for them to hack into every other account you have. Have a few good passwords in circulation.

• Use a Password Manager software You shouldn’t write down your passwords on paper or in a book: Bits of paper get lost. However there are enough Password Manager software both free and paid versions. http://keepass.info/ or Microsoft’s own version http://www.microsoft.com/en-gb/download/details.aspx?id=31326. Alternatively check out your PC security software to see if they already include Password manager software. Norton offer Identity Safe (https://identitysafe.norton.com/) and McAfee All Access Security http://home.mcafee.com/store/all-access-security

So no excuses, change your passwords and have a nice rest of the day.