Hackers have enjoyed a back door into our digital lives for the past two years thanks
to the Heartbleed security disaster. It's no exaggeration to say Heartbleed is one of the most
significant security threats in the history of the internet. Everyone who uses
the internet is exposed to Heartbleed – Windows, Mac and Linux users alike,
along with smartphone and tablet owners. Heartbleed isn't a virus, nor is it a
bug in one specific application. The reason Heartbleed is such a
significant threat is that it's a flaw at the very heart of online
security.

The Heartbleed flaw lies in the OpenSSL encryption system used by many of the
world's largest online services, including Google, Facebook, Yahoo, Dropbox and
many others. The vulnerability extends to email, instant messaging, online
storage and any other supposedly secure services these giants offer. The
security padlock icon in your browser may have assured you that you were safe
from prying eyes, but you weren't.

Undiscovered for two years, the Heartbleed flaw lets hackers trick vulnerable servers into
handing over details of whatever they're currently processing – which could
include your password and other security details. Heartbleed also gives hackers
the ability to snoop on your traffic and even set up fake websites
that look genuine and still display the security padlock.

Perhaps the scariest thing about Heartbleed is that it doesn't show up on server logs,
so there's no way of knowing who has sneaked into your accounts and what they may
have found. All we can do at this point is change the locks and issue new keys
to everyone – which means updating servers and changing passwords.

The best way to protect yourself against Heartbleed is to change your passwords on every
affected website and service. It's important to wait until after they've
installed the Heartbleed security patch on their servers, otherwise hackers
could steal your new password as well. Most affected services should have
patched the flaw by now, but if you're unsure you should check their support
pages or contact customer support.

Many websites, including Google and Facebook, use two-factor authentication to keep
hackers out of your accounts, even if they get their hands on your passwords.
When you log in from a new device for the first time you're required to enter a
one-time secondary passcode, generated by an app or sent to you as a text
message.

Heartbleed offers the opportunity to rethink your password strategy, opting for stronger
passwords and resisting the temptation to reuse passwords. PayPal might not be
vulnerable to Heartbleed, but if you've used the same email address and
password as your Google or Facebook accounts then hackers might try using those
details to break into PayPal along with iTunes, eBay, Amazon and plenty of
other services.

The Heartbleed vulnerability has also been found in Google's Android 4.1.1 smartphone and
tablet software, which requires a security patch. Many home routers and
network-attached storage drives that offer secure remote access over the
internet are also vulnerable to Heartbleed and require a firmware update.

Courtesy: Adam Turner