Are you ready for the next Heartbleed bug?

Posted by Trisha Dear
The recent announcement of the Heartbleed bug caused mass confusion and panic across the Web. Although there are still some websites that are vulnerable to the exploit, the majority of the Web’s most popular sites have been patched. Encryption and computer security can be complicated stuff, and there are experts in the field who can discuss the topic more intelligently than me.
 
However, now that the dust has settled and the servers that power the Web are on the mend, let’s take a look at the Heartbleed bug and break it down in a palatable manner. The Heartbleed bug is a flaw in the OpenSSL cryptographic software that allows the bad guys to steal information such as passwords that are typically protected on servers.

The vulnerability has existed since 2012 and does not affect individual computers. Security experts have estimated that as many as half a million websites were utilizing OpenSSL. It’s a scary situation because the ordinary consumer is defenseless. The patch to fix the security vulnerability was updated before the news broke, and many organizations implemented the update and replaced their SSL certificates.

An SSL certificate is a piece of code that runs on a server and protects communications. Once a website patched the exploit, users were encouraged to change their passwords. However, this wasn’t properly communicated and created mass confusion. In some cases, changing a password on a website that hadn’t executed the patch actually made a user even more susceptible to a security breach.
 
As Joseph Steinberg, cybersecurity expert for Forbes, so appropriately wrote: “Since criminals now know about the vulnerability, they are certainly scanning for it and seeking to exploit it. If a site has not yet applied the patch and someone changes her password on that site, criminals may obtain her new password.”

The recommended approach is to change your password on a website after the organization states that it has executed the patch and updated the SSL certificate. Mashable compiled a helpful list of websites and their current status.

Here are three apps to safeguard your passwords on the Web:

1: LastPass
LastPass is a popular app that works with your browser. You simply create an account with a master password and follow the setup guide. LastPass is free to use on the desktop (Mac, PC and Linux) and supports all of the popular browsers. A premium package is available that includes mobile support for $12 a year. Mobile support includes: iOS, Android, Windows Phone, BlackBerry, and more. I was very happy with LastPass, and the app worked flawlessly on my MacBook with Chrome and Safari. You can learn more here.

2: 1Password
1Password is the password manager that I’m currently using. It’s a local piece of software with an elegant design. Like LastPass, it works with your browser of choice as well. As the company says on its website, “a single click can open your browser, take you to a site, fill in your username and password, and log you in. It’s the fastest way to work or play.” 1Password is available for the desktop and mobile and includes a variety of pricing tiers starting at $24.95. The app is available for Mac, Windows, iPhone, iPad and Android. You can learn more here.

3: KeePass
KeePass is an app my colleague recently recommended to me. It’s a free, open-source password manager, no frills and super simple. KeePass will definitely be a big hit with geeks in search of the right password manager. You can learn more here.

Closing:
The Heartbleed bug certainly won’t be the last security exploit to wreak havoc across the Web. A password manager can alleviate some of the frustration typically associated with these vulnerabilities and provide additional security.

Give one of these apps a try.

This article was posted on Inman News on 4/22/14.